Join PIA
PIA
Professional Insurance Agents
Members-only

Employees of PIA member agencies may log on below:

Remember me

Register for PIA website | Password help

News and publications

National Jan 15, 2018

Reminder: NYDFS cybersecurity certification of compliance forms must be filed between Jan. 1 and Feb. 15, 2018

The New York State Department of Financial Services recently updated its web page to indicate that any covered entity (i.e., agency, insurance agent or insurance broker) that already submitted their Certification of Compliance, needs to do so again after Jan. 1, 2018.

According to the NYDFS, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between Jan. 1 and the Feb. 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year-end, a Certification of Compliance before year-end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS cybersecurity regulation (23 NYCRR 500) requires all New York-licensed insurance agencies, agents and brokers to file a certification of compliance, prior to Feb. 15, 2018, and annually thereafter (Section 500.17(b)). The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing cybersecurity programs and policies based upon that risk assessment. The NYDFS has provided a number of FAQs on the cybersecurity regulation on its website. 

NOTE: Agency employees and representatives that filed exemptions under Section 500.19(b) are not required to file annual Certifications of Compliance:

(b) An employee, agent, representative or designee of a Covered Entity, who is itself a Covered Entity, is exempt from this Part and need not develop its own cybersecurity program to the extent that the employee, agent, representative or designee is covered by the cybersecurity program of the Covered Entity.

NYDFS Superintendent Maria Vullo issued a press release on Jan. 22, 2018, to remind all regulated entities and licensed persons covered by the regulation about the Feb. 15, 2018, deadline.

PIA has the resources (see your Privacy Compliance Central for access to a library of information on this regulation, including in-depth compliance information; the final regulation; and answers to commonly asked questions about it; QuickSource documents; as well as information on TAG Solutions’ Compliance Plus and Do-It-Yourself programs) to help you understand what is expected of you and your agency.

PIA can answer any questions you may have about this regulation: Contact PIA’s Industry Resource Center and the PIA technical staff will be able to walk you through the requirements.

We will continue to assist association members in understanding and complying with the requirements of this regulation.

NATIONAL CONNECTICUT NEW HAMPSHIRE NEW JERSEY NEW YORK Vermont PIA in the News