AFSA Takes Upclose Look at NYDFS Cybersecurity Regs

Today, AFSA’s State Government Affairs department released its September white paper on state cybersecurity regulations. Although the oversight of data security at a vast majority of financial institutions has typically been the responsibility of various federal agencies, recent activity in the states has marked an increase in state cybersecurity rules, starting with last year’s New York Department of Financial Services (NYDFS) cybersecurity proposal.

AFSA’s white paper outlines the timeline of the NYDFS cybersecurity regulations—including AFSA’s comment letters raising concerns with the proposal—the requirements in the final regulation, and the challenge financial institutions face complying with the new rules. The white paper also provides details on recent efforts in Colorado and Vermont to impose cybersecurity requirements on investment advisers and dealer-brokers; Connecticut’s cybersecurity strategy released in July 2017; and the National Governors Association (NGA) compact signed by 38 states to enhance state cybersecurity efforts. AFSA is committed to continuing to monitor this issue closely and will provide updates to members on proposed cybersecurity programs in new states and changes to existing requirements.

AFSA’s State Government Affairs team publishes white papers monthly, and members can find previous papers on AFSA’s website under the SGA Resources section.