Skip to main content

Legal Update

Cybersecurity: NY Adopts Final Regulations for Banks, Insurance Businesses and Other Financial Services Institutions

21 March 2017
Mayer Brown Legal Update
On February 16, 2017, the New York State Department of Financial Services (“NYDFS”) finalized regulations that mandate cybersecurity standards for all institutions authorized by NYDFS to operate in New York, including many banks, insurance entities and insurance professionals doing business in New York. The final regulations, titled “Cybersecurity Requirements for Financial Services Companies,” implement a significantly revised version of the NYDFS’s September 13, 2016, proposal and became effective on March 1, 2017, with a phase-in period. In addition, the NYDFS issued frequently asked questions with corresponding answers on March 13, 2017 (the “FAQs”). This Legal Update (i) describes the relevant definitions and institutions affected by the final regulations, (ii) explains their substantive requirements and notes important points clarified in the FAQs and (iii) highlights some of the takeaways for the financial services industry.


  • Rajesh De
    T +1 202 263 3366
  • Jeffrey P. Taft
    T +1 202 263 3293
  • David A. Simon
    T +1 202 263 3388
  • Lawrence R. Hamilton
    T +1 312 701 7055
  • Steven M. Kaplan
    T +1 202 263 3005
  • Thomas J. Delaney
    T +1 202 263 3216
  • Stephen Lilley
    T +1 202 263 3865
  • David L. Beam
    T +1 202 263 3375
  • David A. Tallman
    T +1 713 238 2696
  • Matthew Bisanz
    T +1 202 263 3434
The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.