1-Hour Program

See Credit Details Below

Overview

In March 2017, the New York State Department of Financial Services (NYDFS) issued its nation-leading cybersecurity regulation, 23 NYCRR 500 (Part 500), applicable to NYDFS regulated entities, including state-chartered banks and licensed insurance companies, non-depository firms, agents and brokers. On the heels of its issuance, with NYDFS’s strong advocacy, the National Association of Insurance Commissioners (NAIC) strengthened and approved its Model Cybersecurity Law, providing a uniform national standard for the insurance industry based on NYDFS Part 500. NYDFS also incorporated cybersecurity requirements into its regular examination procedures, furthering the goal of protecting New York’s vast financial services industry, and has reached agreements with a number of regulated companies in public consent orders containing civil monetary penalty and remediation provisions.

More than six years after its issuance, in November 2023, NYDFS issued amendments to Part 500, which include, among other things, additional cybersecurity program, governance and reporting requirements. According to NYDFS, the amendments are based on information gathered during investigations as well as technological advances. The finalized amendments followed shortly after the Federal Trade Commission amended its Safeguards Rule under the Gramm-Leach-Bliley Act, applicable to non-bank companies.

In this program, former NYDFS superintendent Maria T. Vullo, the author of the original Part 500, will provide insights into the Part 500 amendments, relevant cybersecurity enforcement actions, and best practices for compliance with the amendments.

Faculty will discuss:

  • The material changes to Part 500 set forth in the recent Amendments, with insights into probable reasons based on NYDFS responses to comments [25 minutes]
  • Analysis of the Amendments in light of NYDFS enforcement actions, the FTC’s recently amended Safeguards Rule, and other recent regulatory activities [20 minutes]
  • Best practices for compliance with the Part 500 Amendments [15 minutes]

 

 

Who Should Attend: In-house counsel, outside attorneys, consultants, banking, insurance, Fintech, Insurtech, cryptocurrency, compliance, technology and other allied professionals interested in learning more about the recent NYDFS Part 500 Amendments

Program Level: Update

Prerequisites: None

Advanced Preparation: None


Faculty:

Maria T. Vullo, Esq.

Vullo Advisory Services, PLLC

Topics
Banking and finance Information technology (Financial services) Cybersecurity and data protection Regulation and compliance (Cybersecurity and data protection) Regulation and compliance (Insurance)
Industries
Cybersecurity, Privacy, and Data Protection Insurance Technology Banking and Financial Services

Credit Details