Dear Members,

Please note the following FINAL Draft on the amended Part 500 Cybersecurity Regulation for Mortgage Brokers released today by the NYSDFS.

Please save the date of December 12, 2023, 1:00pm- 2:00pm as NYAMB will be hosting a Live Webinar with Deputy Superintendent Rholda Ricketts and members of the DFS Cybersecurity Team where they will review ALL of the changes specific to mortgage brokers.

Registration for this event will be open soon at our website www.nyamb.org. Please watch for email announcement as well.

Released Date: November 1, 2023

To: All Entities Regulated by the New York State Department of Financial Services

Re: Notice on Amended Part 500 Cybersecurity Regulation

Today, the New York State Department of Financial Services (“Department” or “DFS”) adopted amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The amended regulation incorporates current best practices to better protect businesses and consumers from emerging cyber threats and further tailors the requirements based on businesses’ risks and resources.

DFS is committed to providing its regulated entities with time and assistance to help them successfully come into compliance with these rules to ensure they are better protected from cyber threats.

To enable businesses to prepare for compliance, the new requirements will take effect in phases. Initial updates to existing reporting requirements will go into effect on December 1, 2023, but changes to required policies and procedures will not begin to take effect until April 2024 and rolling thereafter.

Among the changes in the amended regulation are requirements for regulated entities to report cyber ransom payments, implement multifactor authentication technology to better safeguard sensitive data, and enhance cyber governance by adopting new policies and specifying responsibilities for boards and executive management to oversee and manage cyber programs specifically tailored to the risk profile of regulated entities.

In furtherance of the Department’s commitment to ensuring entities understand the new practices outlined in the amended regulation, DFS will host a series of webinars to provide an overview of the amended regulation. Each training session has limited availability, so attendees are encouraged to register in advance.

Webinar information and registration links are available on the Department’s website. A recorded session will be added to this webpage following the scheduled webinars.

Regulatory changes and an implementation timeline can be found on the Department’s Cybersecurity Resource Center. The Department will also send out regular email updates ahead of each of the implementation dates. 

For questions related to the amended regulation, please contact DFS’s Cybersecurity team via email at [email protected].

Connect with us so you never miss an update!! www.nyamb.org
#nyamb #nymortgagebrokers #nywholesalemortgage #nyambevents #nyambpartners
Facebook  Linkedin  Twitter  Instagram  Youtube  

"Together we can be greater than any one of us alone"