New York Cybersecurity Requirements for Financial Services Companies (NY-CRFSC)
LAST REVISED: May 2019
The New York Cybersecurity Requirements for Financial Services Companies (NY-CRFSC) is a regulation promulgated by the New York Department of Financial Services (NY-DFS) after monitoring “the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors” to establish certain regulatory minimum standards on cybersecurity. It was designed to promote the protection of customer information as well as the information technology systems of regulated entities.
See, 23 CRN-NY 500.0
Effective Day. NY-CRFSC went into force on Marcy 2017. Full compliance is expected for financial institutions covered. Consumer reporting agencies must come into compliance between November 1, 2018 and December 31, 2019 depending on the particular provisions of the regulations. See, 23 CRN-NY 500.21 and 23 CRR-NY 201.7
Who is regulated by NY-CRFSC (Territorial Scope)?
Certain financial institutions operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law is a…
