The 23 NYCRR 500 is a set of regulation regulated by the NYDFS that places new cyber security requirements on all covered financial organizations. The guidelines were introduced on 16th February, 2017 after 2 rounds of feedback from industry & the public. These rules recognize the ever-increasing risk prompted to financial systems by cyber criminals, and are implemented to make sure businesses efficiently safeguard their clients’ confidential information and data from cyber threats. This encompasses doing frequent security risk appraisals, keeping audit trails of asset use, offering protective infrastructures, sustaining procedures and policies for cyber security, and making an incident response plan.

Who needs to comply with 23 NYCRR Part 500?

The 23 NYCRR 500 regulations apply to any registered firm offering financial services.

• State-chartered banks

• Licensed lenders

• Private bankers

• Foreign banks licensed to operate in NY

• Mortgage firms

• Insurance firms

• Service providers

However, entities that appoint less than ten personnel, produced less than five million dollars in gross annual revenue in each of the previous 3 years, or hold less than 10 million dollars in a year-end total asset are not needed to abide by the certain requirements of the regulation.

Charitable & foreign risk groups working in NY automatically obtain exclusion. However, the list of exclusion is quite short, and the majority of financial organizations in NY have to be in alignment with the requirements of 23 NYCRR 500.
 
What are the penalties for 23 NYCRR 500 non-compliance?
NY Banking law authorizes up to $2,500 per day during which an infringement persists, $15,000 per day in the case of any irresponsible practice, $75,000 per day in the event of an intentional and intractable violation.

If you are yet to be in Compliance with 23 NYCRR Part 500, feel free to get in touch with CompCiti. CompCti’s compliant experts will help you make sure you’re compliant by implementing a more productive, long-term cyber security protocol in the process. CompCiti can act as your Chief Information Security Officer (CISO) to take care of all the details to make sure 23 NYCRR Part 500 compliance. CompCiti also offer customers with CISA-certified IT auditing services to help them find out any cyber security concerns spotted during the audit. Get in touch with CompCiti now for a complimentary assessment and let the experts explain what do you require to meet the full DFS compliance and how they can assist you throughout the process.

Disclaimer:
This content is created and provided by a third-party online content writer on behalfof CompCiti, and is for commercial purposes only. CompCiti does not take anyresponsibility on the accuracy of this article.

Source: https://23nycrrpart500.wordpress.com/2020/06/20/are-you-yet-to-be-in-compliance-with-23-nycrr-part-500/