The financial industry is under siege from cyber crime. NYDFS is leading the way with stricter cybersecurity regulations to address the increasing number of cyber attacks on the financial industry. The NYDFS Cybersecurity Regulation (23 NYCRR 500) establishes cybersecurity requirements for financial services companies.

The NYDFS has supervisory power over banks, insurance companies, and other financial service companies. More specifically, they are: 

  • Credit Unions
  • Health Insurers
  • Investment Companies
  • Licensed Lenders
  • Private Bankers
  • Offices of Foreign Banks
  • Commercial Banks
  • Life Insurance Companies
  • Mortgage Brokers
  • Savings and Loans Associations

No Action Can Be Costly

Almost every covered entity is required to file a Certificate of Compliance with NYDFS by February 15, 2020.

NYDFS regulations can mean potential financial penalties equaling up to $500,000 in less than a week.

For example, these potentially hefty fines can add up quickly:

  • $2,500 per day during which a violation continues
  • $15,000 per day in the event of any reckless or unsound practices or pattern of misconduct
  • $75,000 per day in the event of a knowing and willful violation

Being NYDFS exempt does NOT mean you are EXCUSED

NYDFS made provisions for certain covered entities to be exempt from certain 23 NYCRR 500 cybersecurity regulations.

Many entities with exemption status may not know they are still required to complete a risk assessment, revise policies and procedures, publish a Third Party Provider Security Policy and document a cybersecurity program to avoid possible fines and penalties.

Third Rock has taken the confusion, frustration and labor-intensive requirements out of NYDFS compliance and made it simple, easy and affordable.

Utilizing Third Rock’s automated compliance software, CyberCompass™, you get a fast, effective and efficient solution to protect your business and clients and reach compliance by the February 15, 2020 deadline. We have solutions for EXEMPT and NON-EXEMPT entities.

Third Rock offers CyberCompass™ automated compliance software with built-in expertise that translates NYDFS government requirements into layman’s terms. It does most of the heavy lifting on analysis and compliance documentation, streamlining your NYDFS compliance workflow so you can meet the February 15, 2020 deadline.

It is cloud-based, so it can be accessed anywhere with no software download. You don’t have to be a NYDFS or cybersecurity expert to use CyberCompass™.

Our automation can save your firm over 400 hours in twelve months on becoming and staying compliant.

  • Answer one set of simple yes/no questions that meets NYDFS & CIS-20
  • Flexibility to start and stop – CyberCompass™ saves your progress
  • Compliance gap report to gain visibility into your non-compliance
  • Built-in step-by-step guide to fix issues and get compliant quickly
  • CyberCompass™ online vault to save your “body of evidence” in one place
  • Monitor your compliance for 12 months with dashboards and reporting

See our NYDFS and CyberCompass™ Frequently Asked Questions to learn more.

Discounted prices available until December 1, 2019