Reprinted with permission from the Payments & Fintech Lawyer.

The DFS issued proposed regulations in September 2016 that would require many covered financial institutions to establish and maintain cybersecurity programmes that meet specific minimum standards. These proposed regulations would apply to all financial institutions supervised by the DFS (‘Covered FIs’) and would be applied by Covered FIs contractually to their third party service providers and business partners. Given the range of
affected companies, there is a realistic possibility that any final regulations promulgated by the DFS could become the de facto standard for cybersecurity programmes and their governance when engaging in financial activities in the US. Other individual states may also choose to adopt similar regulations. More >





Related Practices