Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Cybersecurity: NY Adopts Final Regulations for Banks, Insurance Businesses and Other Financial Services Institutions

By Rajesh De, Jeffrey P. Taft, David A. Simon, Lawrence R. Hamilton, Steven M. Kaplan, Stephen Lilley, David L. Beam, David A. Tallman & Matthew Bisanz on March 21, 2017
Email this postTweet this postLike this postShare this post on LinkedIn
On February 16, 2017, the New York State Department of Financial Services (“NYDFS”) finalized regulations that mandate cybersecurity standards for all institutions authorized by NYDFS to operate in New York, including many banks, insurance entities and insurance professionals doing business in New York. The final regulations, titled “Cybersecurity Requirements for Financial Services Companies,” implement a significantly revised version of the NYDFS’s September 13, 2016, proposal and became effective on March 1, 2017, with a phase-in period. In addition, the NYDFS issued frequently asked questions with corresponding answers on March 13, 2017 (the “FAQs”). This Legal Update (i) describes the relevant definitions and institutions affected by the final regulations, (ii) explains their substantive requirements and notes important points clarified in the FAQs and (iii) highlights some of the takeaways for the financial services industry.
Continue reading
Rajesh De

Raj De serves on Mayer Brown’s global Management Committee. He was previously the Managing Partner of Mayer Brown’s Washington DC office, which is comprised of more than two hundred lawyers. He leads the firm’s global Cybersecurity & Data Privacy practice, as well as…

Raj De serves on Mayer Brown’s global Management Committee. He was previously the Managing Partner of Mayer Brown’s Washington DC office, which is comprised of more than two hundred lawyers. He leads the firm’s global Cybersecurity & Data Privacy practice, as well as the firm’s National Security practice, and serves as a member of the firm’s Congressional Investigations & Crisis Management team. After nearly two decades in private practice and public service across all three branches of the United States government, Raj is one of the most trusted voices in Washington. He has held senior appointments in the White House, the Department of Justice (DOJ) and the Department of Defense (DOD). Raj returned to Mayer Brown in 2015 after serving as General Counsel at the United States National Security Agency (NSA). Since returning to the firm, Raj has received numerous recognitions, including by American Lawyer (“Lateral All-Star”), Washingtonian magazine (“Top Lawyer”), The National Law Journal (“Cybersecurity and Data Privacy Trailblazer”), and Cybersecurity Docket (“Incident Response 30”).

Raj focuses his practice on cutting-edge legal and policy issues at the nexus of technology, national security, law enforcement and privacy. He advises clients, including management teams and boards of directors, in connection with crisis management, government and internal investigations, high-stakes litigation, regulatory enforcement matters, and congressional inquiries. Raj provides clients with strategic counseling and practical legal advice, drawing upon a wealth of experience in government service and private practice.

Read Raj’s full bio.

Read more about Rajesh DeEmail
Show more Show less
Photo of Jeffrey P. Taft Jeffrey P. Taft

Jeffrey Taft is a partner in the Firm’s Financial Services Regulatory & Enforcement group and the Cybersecurity and Data Privacy practice. His practice focuses primarily on bank regulation, bank receivership and insolvency issues, payment systems, consumer financial services and cybersecurity/privacy issues. He has…

Jeffrey Taft is a partner in the Firm’s Financial Services Regulatory & Enforcement group and the Cybersecurity and Data Privacy practice. His practice focuses primarily on bank regulation, bank receivership and insolvency issues, payment systems, consumer financial services and cybersecurity/privacy issues. He has extensive experience counseling financial institutions, merchants, technology companies and other entities on various federal and state banking and consumer credit issues, including compliance with the Bank Holding Company Act, National Bank Act, International Banking Act, Consumer Financial Protection Act, Truth-in-Lending Act, the Fair Credit Reporting Act, the Electronic Fund Transfer Act, the Equal Credit Opportunity Act, the Fair Debt Collection Practices Act, the Real Estate Settlement Procedures Act, state unfair or deceptive acts or practices statutes, CFPB’s UDAAP authority and the development and implementation of privacy, cybersecurity and information security programs under the Gramm-Leach Bliley Act, the NYDFS cybersecurity regulation and industry standards, such as PCI DSS and NIST.

Read Jeff’s full bio.

Read more about Jeffrey P. TaftEmail
Show more Show less
Photo of David A. Simon David A. Simon

David Simon is a partner in Mayer Brown’s Washington DC office and a leading member of the global Cybersecurity & Data Privacy practice. He is also a member of the firm’s National Security and Government Contracts practices. A former special counsel at the…

David Simon is a partner in Mayer Brown’s Washington DC office and a leading member of the global Cybersecurity & Data Privacy practice. He is also a member of the firm’s National Security and Government Contracts practices. A former special counsel at the US Department of Defense (DoD) and chief cyber counsel to the US Cyberspace Solarium Commission, David has deep experience advising victims of ransomware attacks and state-sponsored cyber activity. Named as a Cybersecurity Trailblazer by The National Law Journal, David has also been named to Cybersecurity Docket’s “Incident Response 40,” a collection of 40 of the “best and brightest” incident response attorneys in the country. David regularly supports clients as the lead investigator and crisis manager for cross-border cyber incidents, including data breaches involving personal data, nation-state threats targeting intellectual property, state-sponsored theft of sensitive U.S. government information, and destructive attacks. David has directed and advised on dozens of complex cyber incident and data breach investigations in the last few years alone. He has counseled companies on major cyber incidents and incident preparedness across virtually every sector of the economy. David represents financial institutions, automotive manufacturers and self-driving car companies, tech companies, telecommunications companies, healthcare companies, insurance companies, defense and aerospace companies, private equity firms and their portfolio companies.

Read David’s full bio.

Read more about David A. SimonEmailDavid's Linkedin Profile
Show more Show less
Photo of Steven M. Kaplan Steven M. Kaplan

Steven Kaplan is a partner in Mayer Brown’s Washington DC office and a member of the Consumer Financial Services group. He concentrates his practice on matters related to consumer financial products and represents clients in federal and state supervisory matters, investigations and enforcement…

Steven Kaplan is a partner in Mayer Brown’s Washington DC office and a member of the Consumer Financial Services group. He concentrates his practice on matters related to consumer financial products and represents clients in federal and state supervisory matters, investigations and enforcement proceedings. He also advises clients on compliance with federal and state laws governing licensing and practices of financial institutions, mortgage lenders, consumer finance companies, loan servicers, prepaid card issuers, payment system providers and secondary market participants. Steven acts as regulatory counsel in connection with investments or acquisitions related to consumer loans and other consumer financial products and performing regulatory compliance due diligence. Additionally, Steven assists with structuring operations and developing compliance management systems and due diligence programs and with litigation involving regulatory compliance matters.

Read Steve’s full bio.

Read more about Steven M. KaplanEmail
Show more Show less
Photo of Stephen Lilley Stephen Lilley

Stephen Lilley is a partner in the Washington DC office of Mayer Brown. He focuses his practice on helping clients navigate cutting-edge and interrelated litigation, regulatory, and policy challenges. A member of the firm’s Litigation and Cybersecurity & Data Privacy practices, Stephen develops…

Stephen Lilley is a partner in the Washington DC office of Mayer Brown. He focuses his practice on helping clients navigate cutting-edge and interrelated litigation, regulatory, and policy challenges. A member of the firm’s Litigation and Cybersecurity & Data Privacy practices, Stephen develops strategies to manage legal risks and to shape regulatory policy across a broad range of substantive areas.

Stephen has significant experience working with clients to identify, evaluate, and manage cybersecurity and data privacy risks; responding to cyber incidents and vulnerability disclosures; and defending businesses in related litigation. Stephen is regularly called upon to advise senior executives and board members on their most challenging cybersecurity risks, to help companies develop governance programs to mitigate those risks, and to lead training exercises to implement and refine those programs. Stephen has particular experience advising on cybersecurity and national security issues relating to the Internet of Things, including vehicles and medical devices, and to manufacturing, critical infrastructure, and other industrial systems. Widely recognized for his cybersecurity law and policy experience, Stephen previously served as Chief Counsel to the Senate Judiciary Committee’s Subcommittee on Crime and Terrorism, where he focused on cybersecurity issues.

Read Stephen’s full bio.

Read more about Stephen LilleyEmail
Show more Show less
Photo of David L. Beam David L. Beam

David Beam is a partner in Mayer Brown’s Washington DC office and a member of the Consumer Financial Services group. His practice encompasses a broad range of matters related to payments and credit regulation. He provides clients with regulatory compliance and related business…

David Beam is a partner in Mayer Brown’s Washington DC office and a member of the Consumer Financial Services group. His practice encompasses a broad range of matters related to payments and credit regulation. He provides clients with regulatory compliance and related business planning advice; conducts regulatory due diligences of investment and acquisition targets; structures joint ventures and other business arrangements; obtains approvals, licenses and regulatory guidance from US federal and state financial regulators; and prepares terms and conditions for financial products and services. Additionally, he defends companies in connection with federal and state governmental audits, investigations and enforcement proceedings and assists with litigation matters, including putative class action proceedings.

Read David’s full bio.

Read more about David L. BeamEmail
Show more Show less
Photo of David A. Tallman David A. Tallman
Read more about David A. TallmanEmail
  • Posted in:
    Privacy and Cybersecurity
  • Blog:
    Inside Cybersecurity & Privacy Law
  • Organization:
    Mayer Brown

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo