Today, Reuters reported that the New York Department of Financial Services (“DFS”) will delay the effective date of its new cybersecurity regulation. According to a “person familiar with the matter,” the DFS will publish a new version of the cyber security regulation on December 28, 2016, and the effective date for the rule will now be March 1, 2017.
The DFS has not confirmed the delay.
The reported delay is not surprising. At a public hearing earlier this week, industry groups continued their assault on the rule, with financial and insurance institutions pressuring the DFS to delay implementation. Community banks have been especially vocal, complaining that the regulation was inflexible and will unfairly burden smaller intuitions.
If the effective date is not delayed, the regulation will become effective on January 1, 2017, as planned. Entities covered by the regulation would then have 180 days to comply with the regulation, and those companies would be required to submit a Certification of Compliance with the DFS by January 15, 2018.
We will continue to monitor and report on any changes to the DFS’s regulation or its effective date.