COVID-19 Brings Deadline Extensions From NY Department Of Financial Services

COVID-19 Brings Deadline Extensions from NY Department of Financial Services

The New York State Department of Financial Services (NYDFS) has taken several steps in response to the COVID-19 pandemic. On March 12, NYDFS released a compliance order and a series of guidance letters extending certain deadlines and requesting that organizations submit their plans for managing the risks resulting from COVID-19.

The announcements regarding the extension of deadlines and requests for information are outlined below:

The compliance order from Superintendent Linda A. Lacewell provides the following:

  • DFS Regulated entities may conduct licensable activities from their personal residences so long as the organization can maintain appropriate safeguards and controls with respect to data protection and cybersecurity. However, entities may not conduct these same activities with members of the public from their personal residences.
  • The deadline for filing certifications of compliance with the cybersecurity requirements mandated by 23 NYCRR 500 17(b), as well as under transaction monitoring and filtering programs (under 3 NYCRR 504.4), are extended 45 days from the original due date. Several other deadlines were extended as well, but missing from the list of reprieves is the requirement that the superintendent of the NYDFS is notified within 72 hours of a cybersecurity event covered by 23 NYCRR 500.17 (a).

Additionally, DFS issued five letters requesting information from regulated institutions about their COVID-19-related risks and plans for responding to those risks. These were requested “as soon as possible, but in no event later than 30 days from March 10, 2020.”

Further guidance is below. Item (4) encourages regulated entities to support business customers in offering accommodations by deferring payments, waiving overdraft fees, easing credit terms, and other similar actions.

The other letters are generally aimed at the NYDFS’s desire to assess organizations’ operational preparedness, and to gain an assurance that organizations are minimizing risk and developing resilience plans that address all points of operation. These points include physical operations, employee protections, the preparedness of third-party service providers and suppliers, communication, testing, and governance and oversight plans. Requests for assurance of operational preparedness also generally require an organization to outline its plan for combatting cyberattacks and fraud.

The New York Department of Financial Services continues to issue announcements and guidance aimed at addressing issues that arise due to COVID-19 and the resulting unusual economic situation that the world is facing. Access all announcements here: https://www.dfs.ny.gov/industry/coronavirus

Joy Meason Intriago

Co-Founder of the Association of Certified Anti-Money Laundering Specialists (ACAMS) and other successful training and certification organizations. Building valuable professional communities focused on professional growth in emerging areas. Now the founding Managing Director and responsible for growing the Association for Data and Cyber Governance, a global association of governance, risk and compliance professionals.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top