"What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations"

Below is an excerpt:

The New York State Department of Financial Services (NYDFS) announced final cybersecurity regulations (the Regulations), which recently took effect on March 1, 2017. Originally proposed on September 28, 2016, and slated to go into effect at the start of this year, the scope of the Regulations was narrowed to a degree after the NYDFS received numerous industry comments.

In response to a spate of recent data breaches at financial institutions and other hacking events at large corporations, the regulations will apply to financial institutions, insurance companies, and other financial services firms (Covered Entities) licensed by the State of New York (which includes state-chartered banks and foreign banks operating in the state) but not federally chartered institutions.