With Cybersecurity Rule Looming, It’s About To Get Way More Expensive To Be A Traditional Lender In New York State

Coming soon to New York, any company required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law, will need to implement a cybersecurity program.

“Senior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations,” the NYDFS proposed rule states. That likely means hiring computer experts to comply. Actually, it definitely does because one of the requirements is to employ cybersecurity personnel sufficient to manage cybersecurity risks and to perform core cybersecurity functions. That includes training, monitoring, penetration testing, auditing, implementing multi-factor authentication, and encrypting non-public data, among other tasks.

Based on the language, MCA companies are likely exempt, as are companies that have fewer than 1,000 customers a year, are generating less than $5 million in revenue a year and have less than $10 million in assets.

In Leasing News, Barton, Klugman & Oetting attorney Tom McCurnin, argued the proposal will be a disaster for small banks with branch offices in New York.

The rule is slated to go into effect on January 1, 2017. And even if the rule doesn’t apply to you, it might be a good time to start bolstering your cybersecurity anyway, if for no other reason than to protect your customers and your company.