New York
08 March 2017
Reporter: Becky Butcher

Captives ‘exempt’ from New York cyber rules


Captive insurance companies are ‘exempt’ from the new cyber security regulation that came into effect in New York on 1 March.

The new regulation requires financial institutions to implement robust controls to detect, prevent and report cyber incidents.

As well as captive insurance companies, other ​exempt entities include small covered entities, designees covered by another, and those that do not possess or handle non-public information.

​All exempt entities must still file a certificate of exemption with the New York State Department of Financial Services (NYDFS) within 30 days.

According to Romaine Marshall and Matt Sorensen of law firm Holland & Hart, the impact of the new regulation will be “felt far beyond the state of New York and will likely become the baseline standard for the industry”.

The new regulation requires banks, insurance companies, and other financial services institutions regulated by the NYDFS to establish and maintain cyber security programmes designed to protect consumers’ private data and ensure industry safety.

Requirements include conducting periodic risk assessments, maintaining a cyber security programme based on the risk assessment, complying with governance and staffing requirements, and providing regular cyber security awareness training.

Marshall and Sorensen suggested that although the regulation became effective on 1 March, there will be a transition period of between one and two years for most financial institutions to comply.

“Full compliance with such an expansive regulation will [still] be challenging,” they added.

More regulation news
The latest news from Captive Insurance Times
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
PRA proposes Solvency II reporting amendments
15 January 2018 | London | Reporter: Ned Holmes
The PRA has proposed multiple changes to insurance reporting requirements under the Solvency II directive
AHPs rule could have future effect on captive market
12 January 2018 | New York | Reporter: Ned Holmes
The DOL proposed rules on AHPs could have a future impact on the medical stop-loss captive insurance market, according to Phillip Giles, vice president of sales and marketing at QBE North America
John Dies: Captives must be mindful of Trump’s tax reform
10 January 2018 | Houston | Reporter: Ned Holmes
Captives need to be mindful of the changes brought by Trump’s US tax reform plan, despite its positive effect on the insurance industry in general, according to John Dies, managing director of tax controversy at alliantgroup
UK’s ILS legislation approved
29 November 2017 | London | Reporter: Becky Butcher
A UK government cross-party committee has approved the UK’s Risk Transformation Regulations 2017 and the Risk Transformation (Tax) Regulations 2017, which make up the UK’s insurance linked-securities (ILS) legislation
Avrahami motion for reconsiderations denied
20 November 2017 | Washington DC | Reporter: Becky Butcher
Judge Mark Holmes has denied the Avrahamis’ motion for reconsideration concluding that at least one policy was so “ill-drafted” that it was both a claims-made and an occurrence policy
CIC Services: IRS court case ruling ‘disappointing’
06 November 2017 | Tennessee | Reporter: Becky Butcher
CIC Services has said losing its court case to the Internal Revenue Service (IRS) was “disappointing”
PRA to improve Solvency II directive
25 October 2017 | London | Reporter: Becky Butcher
The Prudential Regulation Authority (PRA) has revealed it is to make improvements the Solvency II directive, less than two years after its implementation date