Guest | Contact Us | Print Page | Sign In
News Blog
Blog Home All Blogs
Search all posts for:   

 

View all (352) posts »
 

Correction to DFS Cyber FAQ
Posted By Robert Treuber, Monday, March 5, 2018
Updated: Monday, March 5, 2018

The DFS has updated the instructions regarding the cybersecurity notices.

 

The instructions for replying to a notice have been revised.

Key Questions About the Recent Cyber Regulation Notice

Why did I receive this notice?

All regulated entities and licensed persons of the Department of Financial Services (DFS) were required to file a cybersecurity regulation Certification of Compliance under 23 NYCRR 500 by February 15, 2018.  Our records indicate that to date you have not made such filings under the regulation. Please be aware that if you hold more than one license, then you need to file a separate Certification of Compliance for each license you hold.

 

What if I am late with my filing?

All Covered Entities that have failed to submit the Certification and that are in compliance with the regulation should do so via the DFS cybersecurity portal as soon as possible.  The DFS Certification of Compliance is a critical governance pillar for the cybersecurity program of DFS regulated entities, and DFS takes compliance with the regulation seriously.  The Department will consider a failure to submit a Certification of Compliance as an indicator that the cybersecurity program of the Covered Entity has a substantive deficiency.

 

What if I filed for an exemption from the cybersecurity regulations?

People who received the reminder are required to file the Certificate of Compliance even if you filed for an exemption under 23 NYCRR Part 500.19. These exemptions have been tailored to address particular circumstances and include requirements that the Department believes are necessary for exempted entities. Covered Entities are required to file a Certificate of Compliance to confirm that they are in compliance with those provisions of the regulation that apply to the Covered Entity.

 

I have a receipt showing I filed already?

Please look at the receipt.  If the receipt number you received begins with an “E” then it is a receipt for filing a Notice of Exemption and not a receipt for filing the required Certificate of Compliance.  Your exemption does not excuse the filing noticed below.  The Certification of Compliance is to cover the period as of December 31, 2017 for all requirements of the cybersecurity regulation in force by that date.  If the receipt number starts with a “C” email cyberregcomments@dfs.ny.gov with your name, license number and the receipt number from your cybersecurity Certificate of Compliance filing.

 

When will I receive a reply to my email?

DFS will reply to emails received in the above email box within 30 days.

 

Does this apply to me?

Section 500.01 (c) defines a Covered Entity for purposes of the Regulation as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”  You will need to determine the applicability of the regulation to your particular circumstances.

 

How do a file a Certification of Compliance?

Certifications of Compliance should be filed electronically via the DFS Web Portal https://myportal.dfs.ny.gov/web/cybersecurity/. Please click the big orange box on the right hand corner that says “Cybersecurity Filing”. The Covered Entity will first be prompted to create an account and log in to the DFS Web Portal, then directed to the filing interface. Filings made through the DFS Web Portal are preferred to alternative filing mechanisms because the DFS Web Portal provides a secure reporting tool to facilitate compliance with the filing requirements of 23 NYCRR Part 500.

 

Dates under New York's Cybersecurity Regulation (23 NYCRR Part 500)

  • March 1, 2017 - 23 NYCRR Part 500 becomes effective.
  • August 28, 2017 - 180 day transitional period ends. Covered Entities are required to be in compliance with requirements of 23 NYCRR Part 500 unless otherwise specified.
  • September 27, 2017 – Initial 30 day period for filing Notices of Exemption under 23 NYCRR 500.19(e) ends. Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) as of August 28, 2017 are required to file a Notice of Exemption on or prior to this date.
  • February 15, 2018 - Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) on or prior to this date.
  • March 1, 2018 - One year transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.04(b), 500.05, 500.09, 500.12 and 500.14(b) of 23 NYCRR Part 500.
  • September 3, 2018 - Eighteen month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.
  • March 1, 2019 - Two year transitional period ends. Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.

Tags:  cybersecurity  DFS  Regulations 

Permalink | Comments (0)
 
Contact Us

120 Broadway, Suite 945
New York, NY 10271

212. 964. 3701

info@nyslta.org

Quick Links
Our Mission

The New York State Land Title Association, Inc. advances the common interests of all those engaged in the business of abstracting, examining, insuring titles, and otherwise facilitating real estate transactions. The Association promotes the business and general welfare of its Members and protects real property title holders’ ownership rights.