CONTRIBUTOR

ARTICLE

United States: You Just Received A "Failure To File Certification Of Compliance" From the Department Of Finance, What Do You Do?

09 March 2018

by Steven S. Rubin and Stephen Breidenbach

Moritt, Hock & Hamroff LLP

Your LinkedIn Connections
with the authors

To print this article, all you need is to be registered or login on Mondaq.com.

By February 15, 2018, all Covered Entities, as explained below, were required to submit a signed written statement ("Notice") to the Superintendent of Financial Services (the "Superintendent"), certifying that they were in compliance with the Cybersecurity Requirements for Financial Services Companies ("Regulations") for the prior calendar year. In March 2018, we are now starting to see the Superintendent looking to enforce the Regulations by contacting Covered Entities who did not timely submit their Notices.

As of March 1, 2017, the New York State Department of Finance's ("DFS") new Regulations apply to all entities authorized to operate under the New York Banking Law, Financial Services Law, or Insurance Law ("Covered Entities"). The Regulations require stringent procedures to protect sensitive data. As of August 28, 2017, most Covered Entities were required to:

Begin maintaining a cybersecurity program;
Implement and maintain a written cybersecurity policy;
Designate a Chief Information Security Officer ("CISO") and appropriately staff cybersecurity personnel; and
Establish a written incident response plan.

Further, as of March 1, 2018, many Covered Entities were further required to: " Have the Covered Entity's CISO issue an internal report related to the Covered Entity's cybersecurity program and material cybersecurity risks;

Implement continuous monitoring or periodic penetration testing and vulnerability assessments; and
Provide cybersecurity awareness training for all personnel.

If you were contacted by the Superintendent for failing to file a Certification of Compliance, you need to assess your requirements under the Regulations and file the required documentation. Please note, certain partial exemptions may apply to you. Qualified counsel should be consulted as filing (or not filing) documentation could have adverse legal implications.

If you are unsure as to why you were contacted by DFS, you may want to check your registrations under DFS's portal:

https://myportal.dfs.ny.gov/nylinxext/elsearch.alis

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

AUTHOR(S)

Steven S. Rubin

Moritt, Hock & Hamroff LLP

Stephen Breidenbach

Moritt, Hock & Hamroff LLP

ARTICLE TAGS

United States Corporate/Commercial Law Compliance Finance and Banking Financial Services Technology Security

POPULAR ARTICLES ON: Technology from United States

RELATED CONTENT

FREE News Alerts

Sign Up for our free News Alerts - All the latest articles on your chosen topics condensed into a free bi-weekly email.

Article Tags

United States Corporate/Commercial Law Compliance Finance and Banking Financial Services

More Tags

Similar Articles

Powered by mondaq AI

MATCH

45%

Compliance With Initial New York DFS Cybersecurity Rules Now Mandatory Cadwalader, Wickersham & Taft LLP

43%

NYDFS Issues New Cybersecurity Reporting Guidance Arnold & Porter

43%

Enforcement Of The NYDFS Cybersecurity Regulation Coming In The Near Future Squire Patton Boggs LLP

42%

New York Department Of Financial Services Issues Additional Cybersecurity FAQs Arnold & Porter

42%

New York State Cybersecurity Regulations: First Milestone In Sight, What Is Next On The Horizon? Shearman & Sterling LLP

Related Articles

Coinbase Effort To Dismiss SEC Suit Falls Short Duane Morris LLP

Coinbase's Defense Falters: Latest Developments In SEC Legal Battle Duane Morris LLP

Guidance On Addressing Compliance Challenges With The Newly Effective E.U. Digital Services Act Steptoe LLP

CIRCIA: Cyber Incident Reporting For Practically Everyone? Venable LLP

White House Issues Key Artificial Intelligence Actions Following Executive Order McDonald Hopkins

Mondaq Webinars

APR24

Mastering Mediation & Arbitration: Strategies for Navigating the Rising Tide of Privacy Class Action Lawsuits

APR25

Canadian Employment Law: Updates and Emerging Trends in Employment

McCarthy Tétrault LLP

Comparative Guides

Anti-Corruption & Bribery

Artificial Intelligence

Aviation Finance

Aviation Regulation

Banking Regulation

Mondaq Advice Centres

United States

Advertising and Marketing

United States

Telemarketing

United States

COVID-19

Global

Trademarks in SAARC Countries

United States

International Trade Law & Customs

Curated Content

Evolving Legal Norms For Artificial Intelligence In The European Union And The United States
Braumiller Law Group, PLLC

The Use Of AI In ADR: Balancing Potential And Pitfalls
JAMS

Assessing The Benefits And Challenges Of Tokenizing Real World Assets
Braumiller Law Group, PLLC

Knowing What's Ahead: Dispute Resolution Planning For Startups In The New Age Of Generative AI
JAMS

Can The U.S. Mitigate Digital Assets Fraud While Fostering Innovation?
Braumiller Law Group, PLLC

Upcoming Events

MAY09

Banking Cryptocurrency Companies After Crypto Winter

Crowell & Moring LLP

Panel New York United States

MAY16

ALI-CLE: Accountants' Liability 2024

Arnold & Porter

Conference Washington, DC United States

More filters

Mondaq Social Media

© Mondaq® Ltd 1994 - 2024. All Rights Reserved.

Please to Mondaq or for unlimited free access and a complimentary news alert

|

|

|

|