We have been informed by the Department of Financial Services that exemptions filed in 2017 and 2018 have expired. Any DFS regulated entity or licensed person that is currently entitled to an exemption must file an Initial Notice of Exemption prior to the February 15, 2019 due date for the annual Certification of Compliance. This is due to an upgrade with their systems, and it is anticipated that you will not have to re-file for the exemption in future years.
The Department is planning to send notice to all licensees who have currently filed for any exemption under the cybersecurity regulation advising them of the need to re-file.
DFS has made many changes to the online portal based on feedback and problems they experienced last year and they've created a new resource center to help licensees make the filing. The notice will provide information on how to make the filing. We will also share the new filing instructions when they are available.
DFS is also changing the portal so that there will be an option for initial filing, amendment, and termination. Originally licensees could file the limited exemption, but couldn't amend it. If a change was warranted they'd have to file a new exemption. The hope is that this new approach will eliminate the need to do a limited exemption filing each year.
Another change the DFS made was on how information is input. They changed the system so the first entry point is the producer license #. They are trying to avoid manual entry of producer name which resulted in a lot of mismatches last year. They are also collecting some additional information to ensure matches.
The DFS also improved the receipt for filing. It provides much more information and will enable each particular licensee to identify their particular receipt.
Be sure to carefully check your mail around the new year for the notice. For more information, see the DFS Cybersecurity webpage.