Better Late Than Never — Time to Get Those Cybersecurity Certifications of Compliance into NYDFS

If you are an individual or company regulated by the New York State Department of Financial Services (NYDFS), you may have received an email from NYDFS reminding you to submit your Certification of Compliance as soon as possible. New York’s relatively new cybersecurity regulation, 23 NYCRR 500 (the Regulation), requires all people and companies covered by the Regulation (Covered Entities) to file an annual statement by February 15 certifying that the entity was compliant (Certification of Compliance) with the Regulation as of December 31 of …

Continue Reading

New York Issues Final Cybersecurity Regulation

On February 13, 2017, the New York Department of Financial Services (NYDFS) adopted the final version of its first-of-its-kind cybersecurity regulation, “Cybersecurity Requirements For Financial Services Companies” (23 NYCRR 500). This regulation took effect on March 1, 2017. The final regulation reflects several of the comments offered during the final comment period that concluded on January 27, 2017. For a prior list of significant changes from the initial version to the second version, please see our blog post located here.

Most of …

Continue Reading

President Trump Takes Aim at Affordable Care Act; New York Governor Responds

Within hours of taking the Presidential oath of office, President Donald J. Trump issued his first executive order and it was directed at the Patient Protection and Affordable Care Act (ACA). The executive order formalized the Trump Administration’s policy to “seek the prompt repeal of the [“ACA”].” President Trump then directed executive department heads to “waive, defer, grant exemptions from, or delay the implementation of any provision or requirement” of the [ACA] that would impose a fiscal or regulatory burden on those affected in any …

Continue Reading

NYDFS Issues Updated Cybersecurity Regulation

The New York Department of Financial Services (NYDFS) recently issued an updated version of its proposed cybersecurity regulation, “Cybersecurity Requirements For Financial Services Companies” (23 NYCRR 500). The updated proposed regulation reflects several of the comments offered during the initial public notice and comment period that concluded on November 14, 2016. Some of the most noteworthy changes in the revision are as follows:

  • Section 500.04 — NYDFS clarified that while a Covered Entity must designate a qualified individual to perform the responsibilities
Continue Reading

Comments on NYSDFS Cybersecurity Regulation Begin Pouring In

On September 28, 2016, the New York State Department of Financial Services (DFS) released for comment a proposed new regulation entitled Cybersecurity Requirements for Financial Services Companies (23 N.Y.C.R.R. Part 500). Various industry groups have offered comments and expressed concerns about some of its requirements. These concerns include the costs of compliance and the scope of entities regulated by the proposed rule. Among the organizations offering comments are the Excess Lines Association of New York (ELANY) and the American Association of Managing General Agents (AAMGA).…

Continue Reading

NYDFS Issues Circular Letters Pertaining to Coverage for Women’s Health Issues

In the last four months, the New York State Department of Financial Services (NYDFS) has issued three letters relating to coverage issues associated with women’s health. First, on April 25, 2016, NYDFS issued Insurance Circular Letter No. 1 (2016) to remind insurers that federal law “requires group health plans and issuers offering group or individual health insurance coverage to provide, with no copayment, coinsurance or deductible, preventive services that have a rating of ‘A’ or ‘B’ in the current recommendations of the United States Preventive …

Continue Reading

New York Governor Andrew Cuomo Nominates New DFS Superintendent

Governor Andrew Cuomo has nominated Maria T. Vullo as the new Superintendent of the Department of Financial Services. If confirmed by the New York State Senate, she would replace Benjamin Lawsky who resigned as Superintendent in June 2015.

Ms. Vullo, an experienced litigator, is currently of counsel at Paul Weiss in its New York City office. She has over 25 years of litigation experience at the trial and appellate levels including at the United States Supreme Court and in U.S. Circuit Courts of Appeal around …

Continue Reading

NYDFS Has New Acting Superintendent

New York State Governor Andrew Cuomo recently named Shirin Emami as Acting Superintendent of the New York Department of Financial Services (NYDFS). She is the second acting superintendent since the resignation of Benjamin Lawsky, who left NYDFS in June 2015 for a private-sector position specializing in cyber security research and consulting. Ms. Emami replaces Anthony Albanese, who also left for the private sector.

Prior to her appointment, Ms. Emami served as both the Executive Deputy Superintendent and the General Counsel of the NYDFS Banking Division. …

Continue Reading

NYDFS Notifies Federal Regulators of New Potential Cyber Security Regulations

On November 9, 2015, the New York State Department of Financial Services (NYDFS) sent a memorandum entitled Potential New NYDFS Cyber Security Regulation Requirements to several federal and state financial services regulators, including banking, securities and insurance regulatory, administrative and supervisory  bodies.

These potential regulations are based on results of two sets of surveys of financial entities about their “cyber security programs, costs and future plans.” NYDFS surveyed 150 banks and 43 insurance companies. The results of the May 2014 banking industry survey are here

Continue Reading

NY Unfair Claims Settlement Practices Bill Dies With Close of Legislative Session

The 2015 Legislative Session in New York came to a close in the wee hours of June 26. Among the bills introduced this session was S-4049/A-0257 amending the New York Insurance Law with respect to unfair claims settlement practices. Specifically, the bill, if enacted, would have established “a civil private cause of action by a policyholder who has suffered unfair claim settlement practices by an insurer.” Current law allows policy holders with these grievances against their insurers to file a complaint with the …

Continue Reading