The New York Department of Financial Services (“DFS”) has recently issued guidance regarding the steps that regulated entities should take to prepare for an increased threat of cybersecurity attacks. The key highlights are as follows:
- Regulated entities should review their cybersecurity programs to ensure full compliance with the Department’s cybersecurity regulation (23 NYCRR Part 500).
- Regulated entities must report cybersecurity events that meet the criteria of 23 NYCRR § 500.17(a) as promptly as possible, and within 72 hours in any event, via the secure Department Portal, which can be accessed from the Cybersecurity Resource Center.
- U.S. persons (including, without limitation, banking organizations, virtual currency businesses, insurers and other financial institutions, as well as insurance producers and third-party administrators) are prohibited from engaging in any financial transactions with persons on the Specially Designated Nationals (“SDN”) List, unless the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) has authorized otherwise, through licenses listed on the OFAC website, or by obtaining a separate license for a particular transaction.
- All orders and guidance on sanctions, including financial entities on the SDN List, are accessible on the U.S. Treasury Department’s website.
For any questions related to the above referenced guidance in New York, please contact Westmont Associates!