Although the rules go into effect on March 1, there will be a six-month transitional period for all banks to be in compliance, according to the first state-mandated “Cybersecurity Requirements for Financial Services Companies” that were finalized just one month ago.
Moving forward, all regulated financial institutions must have a cybersecurity program in place, appoint a chief information security officer, and continuously monitor the cybersecurity policies tied to their third-party business partners.
A majority of large banks may already be adhering to the new regulations, but the bigger question lies in the influence New York’s recent action will have in other states.