In 2017, the State of New York’s Department of Financial Services (“DFS”) adopted new requirements for financial services companies (“Covered Entities”) to create and maintain robust cybersecurity policies and programs in a continuing effort to thwart cybercrimes and large scale cyber-attacks, address system vulnerabilities, and mitigate the effects of events that could compromise the security of personally identifiable information of clients.
Author: Adam Stutz, Compliance Consultant; Editor: Tina Mitchell, Lead Sr. Compliance Consultant Core Compliance & Legal Services (“CCLS”). CCLS works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms and banks on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
 The DFS defines a “Covered Entity” to mean: “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”
 23 NYCRR Part 500. See http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf