The New York State Department of Financial Services’ (“NYS-DFS”) New York State Law 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies (“23 NYCRR 500”) went into effect on March 1, 2017. 23 NYCRR 500 requires that firms meeting the regulation’s definition of “Covered Entity” have certain cybersecurity measures in place by the stipulated compliance dates. Among other requirements, firms will be required to self-certify their compliance with 23 NYCRR 500. The two-year transitional period ended on March 1, 2019.
