Can you summarize 23 NYCRR 500.17?
Cybersecurity Requirements for Financial Services Companies > Notices to superintendent.
Short Summary
This legal document, part of the New York Codes, Rules and Regulations, specifically the Regulations of the Superintendent of Financial Services, establishes cybersecurity requirements for financial services companies. It mandates that covered entities notify the superintendent within 72 hours of determining that a cybersecurity event has occurred, where the event either impacts the covered entity and requires notice to a government body, self-regulatory agency, or supervisory body, or has a reasonable likelihood of materially harming any material part of the covered entity’s normal operations. Additionally, covered entities must submit an annual written statement to the superintendent by April 15th, certifying compliance with the requirements. Records supporting this certificate must be maintained for five years and made available for inspection by the superintendent. The document also emphasizes the need for covered entities to document areas, systems, or processes that require improvement and the remedial efforts planned or underway to address them. The specific penalties for non-compliance or violation of the requirements are not specified in this document.
Whom does it apply to?
Covered entities
What does it govern?
Cybersecurity Requirements for Financial Services Companies
What are exemptions?
No exemptions are mentioned.
What are the Penalties?
Not specified.
Jurisdiction
New York