New York revises, delays new cyber rules after industry complaints

29 Dec, 2016 12:05 am

NEW YORK – New York’s financial regulator said on Wednesday it was revising proposed cyber security rules for banks and insurers doing business in the state to incorporate industry feedback, delaying implementation by two months to March 1.

The rules from the New York State Department of Financial Services are being closely watched by financial services firms around the United States because they would be the first of their kind imposed by any state or federal agency.

At a hearing last week before New York state lawmakers, banking and insurance industry representatives complained that the new rules did not distinguish between small and large financial institutions and might conflict with future US government regulations.

 The New York regulator has also received more than 150 comment letters from banks, insurers and others in response to its proposed cyber security plan.


The agency said in a statement that it had carefully considered incorporating some of the suggestions into the proposed regulations, which will be finalized following another 30-day review by the industry and public.

“New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information,” Financial Services Superintendent Maria Vullo said in the statement.

“This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats,” she said.

Reuters last week first reported on the agency’s plan to delay the regulations. –Reuters

Must Watch