Search Results for: NYDFS

NYDFS Issues Frontier AI Advisory and Guidance for Heightened Cyber Threat Environment

May 26, 2026 By Kim Peretti, Ashley Miller, Lance Taubin and Taylor Veracka

On May 21, 2026, the New York Department of Financial Services (“NYDFS”) issued two Industry Letters to the organizations it regulates (“Regulated Entities”): “Heightened Cybersecurity Risks Associated with Frontier AI Models” (the “Advisory”) and “Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment” (the “Guidance”) (collectively, the “Letters”). The Letters discuss […]

NYDFS Revises Prescriptive FAQs on Multifactor Authentication

March 5, 2026 By Kim Peretti, Lance Taubin and Ashley Miller

Two months after the New York Department of Financial Services (“NYDFS”) updated its Frequently Asked Questions (“FAQs”), which we wrote about here, NYDFS has released updated FAQs on multifactor authentication (“MFA”) that further clarify 23 NYCRR § 500.12. As we previously reported, the FAQs from December 2025 provided prescriptive guidance, including clarifications on technical requirements […]

NYDFS Releases New Prescriptive FAQs on MFA

December 22, 2025 By Kim Peretti and Lance Taubin

The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a critical component of a covered entity’s cybersecurity program. These FAQs provide highly prescriptive guidance, including clarifications on technical requirements for the “possession” […]

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

October 27, 2025 By Lance Taubin and Privacy, Cyber & Data Strategy Team

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines […]

NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict

June 27, 2025 By Kim Peretti

Overview On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light of heightened geopolitical tensions. The letter, titled “Impact of Global Conflict on Cybersecurity and Sanctions Risk,” emphasizes the elevated risk environment and reaffirms […]