Now that the calendar has turned the page and left 2021 in the rearview mirror, the window is open for business entities regulated by the New York State Department of Financial Services to submit the annual certification of compliance with the
cybersecurity regulation. The requirements have not changed (other than a later deadline) since the regulation first took effect in 2017, but here's a reminder of what does and does not have to be done:
- Business entities (agencies, brokerages, insurers, banks, credit unions, etc.) must visit the
DFS cybersecurity portal and submit the certification on or before
April 15, 2022. DFS pushed that deadline back 45 days in
2020 because of the pandemic, but it reverted back to April 15 last year and remains that date.
- If you don't remember how to submit the certification, refer to these:
- The regulation does not require licensed employees of an agency or brokerage to submit the certification.
- The regulation does not require licensed employees to re-submit a
notice of exemption unless they have changed employers.
- DFS does not offer a way for the public to determine the exemption a specific licensed individual submitted.
- If you have a license in your personal name and want to find out what exemption you submitted, we suggest you write to firstname.lastname@example.org, provide your license number, and ask for details on your exemption.
Every resource we have on compliance with this regulation can be found at
www.biginy.org/cyber and in the
News section of this website.