New York
08 March 2017
Reporter: Becky Butcher

Captives ‘exempt’ from New York cyber rules


Captive insurance companies are ‘exempt’ from the new cyber security regulation that came into effect in New York on 1 March.

The new regulation requires financial institutions to implement robust controls to detect, prevent and report cyber incidents.

As well as captive insurance companies, other ​exempt entities include small covered entities, designees covered by another, and those that do not possess or handle non-public information.

​All exempt entities must still file a certificate of exemption with the New York State Department of Financial Services (NYDFS) within 30 days.

According to Romaine Marshall and Matt Sorensen of law firm Holland & Hart, the impact of the new regulation will be “felt far beyond the state of New York and will likely become the baseline standard for the industry”.

The new regulation requires banks, insurance companies, and other financial services institutions regulated by the NYDFS to establish and maintain cyber security programmes designed to protect consumers’ private data and ensure industry safety.

Requirements include conducting periodic risk assessments, maintaining a cyber security programme based on the risk assessment, complying with governance and staffing requirements, and providing regular cyber security awareness training.

Marshall and Sorensen suggested that although the regulation became effective on 1 March, there will be a transition period of between one and two years for most financial institutions to comply.

“Full compliance with such an expansive regulation will [still] be challenging,” they added.

More regulation news
The latest news from Captive Insurance Times
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
CIC Services: IRS court case ruling ‘disappointing’
06 November 2017 | Tennessee | Reporter: Becky Butcher
CIC Services has said losing its court case to the Internal Revenue Service (IRS) was “disappointing”
PRA to improve Solvency II directive
25 October 2017 | London | Reporter: Becky Butcher
The Prudential Regulation Authority (PRA) has revealed it is to make improvements the Solvency II directive, less than two years after its implementation date
UK’s ILS legislation to be in place for January renewals
17 October 2017 | London | Reporter: Jenna Lomax
Malcolm Newman, CEO of Scor’s London hub and sponsor of the London Market Group’s (LMG) ILS Taskforce is “cognisant of the time pressures if ILS applications are to be made in time for 1 January renewals”
Tennessee updates captive legislation
03 October 2017 | Nashville | Reporter: Becky Butcher
New captive legislation is to set Tennessee apart from other US captive insurance domiciles, according to the state’s Department of Commerce and Insurance (TDCI).
US and EU sign covered agreement
22 September 2017 | Brussels | Reporter: Becky Butcher
The US and EU have signed the bilateral covered agreement on insurance and reinsurance
GFSC addresses Solvency II and IAIS capital standards project
20 September 2017 | St Peter Port | Reporter: Becky Butcher
The Guernsey Financial Services Commission (GFSC) has launched a discussion paper seeking the industry’s feedback on the evolution of the island’s global and European insurance capital standards
DARAG completes Ikano captive transaction
08 September 2017 | Jerusalem | Reporter: Katherine Brown
DARAG has completed an Israeli reinsurance transaction and received regulatory approval for the acquisition of Ikano Försäkring, the Stockholm-based Swedish captive owned by Ikano Group