
If you have a Life Insurance License in New York State, you are considered a “covered entity” by the New York Department of Financial Services (NYDFS). All covered entities are required to file an Annual Certification of Compliance with the NYDFS certifying that, for 2022, you complied with the cybersecurity requirements set forth in 200 NYCRR 500.
Things to keep in mind:
You must file the Certification of Compliance every year by 4/15 for the prior year.
If you filed for one of the limited exemptions, you do NOT need to refile it on an annual basis. It only needs to be refiled if you had a change in one of the areas of exemption.
The exemptions are limited in nature; you still must meet and certify the non-exempted items.
These are the items needed for qualifying for a limited exemption:
500.19 (a) (1) Fewer than 10 employees working in NYS
500.19 (a) (2) Less than $5 million in gross annual revenue
500.19 (a) (3) Less than $10 million in year-end total assets
If you qualify for one of the above, you will receive a limited exemption from all the rules set forth in 200 NYCRR 500. Since this is a limited exemption, you still must satisfy and certify the following:
500.2- Cybersecurity Program
500.3- Cybersecurity Policy
500.7- Access Privileges
500.9- Risk Assessment
500.11- Third Party Service Provider Security Policy
500.13- Limitations on Data Retention
500.17- Notices to Superintendent
The above information is for cybersecurity educational purposes only and should not be construed as legal or compliance advice. Legal and Compliance questions should be directed to the appropriate professionals in those areas.
Source: NYDFS Website