New York revises, delays new cyber rules after industry complaints

Reuters News
Posted: Dec 28, 2016 12:50 PM

By Jim Finkle

(Reuters) - New York's financial regulator said on Wednesday it was revising proposed cyber security rules for banks and insurers doing business in the state to incorporate industry feedback, delaying implementation by two months to March 1.

The rules from the New York State Department of Financial Services are being closely watched by financial services firms around the United States because they would be the first of their kind imposed by any state or federal agency.

At a hearing last week before New York state lawmakers, banking and insurance industry representatives complained that the new rules did not distinguish between small and large financial institutions and might conflict with future U.S. government regulations.

The New York regulator has also received more than 150 comment letters from banks, insurers and others in response to its proposed cyber security plan.

The agency said in a statement that it had carefully considered incorporating some of the suggestions into the proposed regulations, which will be finalized following another 30-day review by the industry and public.

"New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information," Financial Services Superintendent Maria Vullo said in the statement.

Nonsense About 'Crybaby' Conservatives and Hollywood
Brent Bozell and Tim Graham

"This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats," she said.

Reuters last week first reported on the agency's plan to delay the regulations.

(Reporting by Jim Finkle in Boston; Editing by Richard Chang)