woman conducting cybersecurity monitoring Credit/Shutterstock

On Halloween, New York announced that it had finalized amendments to part 23 NYCRR 500. Why should I care, you ask? After all, my credit union isn’t in New York and my board plans to keep it that way. Besides, I hate the Yankees.

First, some background. When these regulations took effect in 2017, they were proclaimed by New York as “the first in the nation” with comprehensive cybersecurity regulations. They require state-chartered and licensed institutions subject to the Department of Financial Services’ oversight that meets certain thresholds, including insurance companies and state credit unions and banks, to adopt a comprehensive cybersecurity framework; this generally mandates institutions to conduct assessments of cybersecurity risks, implement protections to guard against vulnerabilities such as mandating the encryption of data in transit, and due diligence requirements for third-party vendors. Covered entities must certify that they are following these regulations, and the state has aggressively taken enforcement actions against violators.


© 2023 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.


Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2023 ALM Global, LLC. All Rights Reserved.