Feb 18, 2021

PIANY joins initiative to amend DFS cyber requirements

PIANY joined a coalition of industry associations requesting the New York State Department of Financial Services to address inactive licensees who don’t produce insurance business in the DFS’s New York’s cybersecurity frequently asked questions–producers. Specifically, the coalition wants the DFS to remove cyber compliance requirements for these licensees, because they don’t produce insurance business.

Currently, inactive licensees still must comply with certain parts of the insurance regulation, such as performing a risk assessment, establishing policies and procedures for the secure disposal of certain nonpublic information, and implementing a written third-party service. All of these are required even though these licensees are not maintaining any information system or storing any nonpublic information.

These licensees present no exposure to cyber incidents for insurance consumers or the licensee. However, complying with these requirements is a significant and confusing burden on them. According to PIANY, the cyber regulation requirements should not apply to inactive individual licensees and the association asks the DFS to clarify that these producers are exempt from the regulation in its FAQ.

PIANY will continue to advocate on behalf of its members to ensure these common-sense changes are implemented.