FoxPointe Security Hub

Is Your Credit Union in Compliance with Updated Cybersecurity Requirements?


Is your Credit Union in the know about the recent cybersecurity requirements mandated by the New York State Department of Financial Services (DFS) that may affect operations? DFS has made significant amendments to its Cybersecurity Regulation, 23 NYCRR Part 500.  The rule is final and effective as of November 1, 2023, introducing new requirements and clarifications. One area that has raised questions and concerns among credit unions and other financial institutions is the revised definition of “covered entity” and its implications for affiliates and subsidiaries.

It’s imperative for credit unions operating in New York State, especially those with subsidiaries or affiliates, to thoroughly review the updated regulations to determine their compliance obligations. Even if your Credit Union is exempt from DFS regulation, if your subsidiary or affiliate is considered a covered entity, a written information security program must be in place. While the regulations aim to enhance cybersecurity measures across the financial sector, understanding how they apply to your specific organizational structure is crucial for ensuring compliance and avoiding potential penalties.

We strongly encourage you to:

Our experts are available to assist your Credit Union in providing clarification regarding the DFS cybersecurity requirements and the impact to your organization and affiliates, as well as answer your questions, and have a conversation regarding your compliance or information security program.

Please reach out to Christopher Salone Consulting Manager at FoxPointe Solutions, a Division of The Bonadio Group or Jeffrey Paille, Partner at The Bonadio Group for any assistance with this.