Apr 28, 2017

PIA offers resources to help members comply with cybersecurity requirements

As PIA reported, the promulgation of Cybersecurity Requirements for Financial Services Companies, (23 NYCRR 500) took effect March 1. All insurance agents, brokers and companies licensed in New York are subject to the requirements of this regulation. This includes nonresident licensees.

The regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion. Covered entities have until Monday, Aug. 28, 2017, to become compliant. Additionally, there are phase-in transition periods for the regulation’s different provisions. The initial 30-day period for filing the required Notices of Exemption (for those entities qualifying for the "Limited Exemption") is on, or before, Wednesday, Sept. 27, 2017. The required first annual Certification of Compliance will be due to the New York State Department of Financial Services on or before Thursday, Feb. 15, 2018.

PIA has created a full rundown of how to comply with this regulation. The rundown includes information such as: the appropriate certification forms and paperwork needed to comply; how to fill out such forms; how to create and operationalize policies and procedures to mitigate cybersecurity risk; the areas that need to be addressed in an agency’s cybersecurity policy; and more.

PIA offers a stem-to-stern solution to the regulation with our partnership with TAG Solutions’ Compliance Plus program, to make sure even agencies that meet the limited exemption know they’ve hired experts to protect themselves. PIA and TAG Solutions also announced a Do-It-Yourself program for agencies that know they have to comply, but need to spend less.