New York State Department of Financial Services (NYDFS)

The New York State Department of Financial Services (NYDFS) plays a critical role in regulating and supervising financial institutions operating within the state of New York. Established in 2011 through the merger of the New York State Banking Department and the New York State Insurance Department, NYDFS modernized regulation by consolidating oversight functions and increasing efficiency. The history of the NYDFS reflects the state’s commitment to addressing evolving risks in the financial sector, particularly around consumer protection and systemic risk management.

The primary purpose of NYDFS is to safeguard the financial services industry in New York, ensuring that financial institutions operate in a sound and responsible manner, while protecting consumers from fraudulent practices and encouraging economic growth. In 2017, NYDFS introduced the Cybersecurity Regulation (23 NYCRR Part 500), a pioneering framework designed to bolster the resilience of financial services against cyber threats. It was later amended in 2023 to address more current cyber threats. The regulation mandates that institutions implement risk-based cybersecurity programs, conduct periodic risk assessments, and report cybersecurity events, among other requirements. The regulation underscores NYDFS’s proactive approach to addressing the rapidly growing threat landscape in finance.

The regulation applies to covered entities, which include a broad range of financial services companies licensed or registered by NYDFS. These include banks, insurance companies, mortgage brokers, and other regulated entities. Covered entities are required to assess their specific risks and tailor their cybersecurity programs accordingly, including adopting policies for data governance, access controls, and incident response. Some smaller organizations may qualify for limited exemptions, but they are still subject to key components of the regulation, such as breach reporting.