23 NYCRR 500

23 NYCRR 500 Compliance Services

What is 23 NYCRR 500?

The 23 NYCRR 500 guidelines have been developed to ensure the protection of customer information and information systems of regulated New York financial institutions.

Effective Date: March 1, 2017

Enforcement Date: August 28, 2017

Does 23 NYCRR 500 apply to me?

23 NYCRR 500 applies to any organization or company that is regulated by the New York State Department of Financial Services unless one of the following applies:

  • Fewer than 10 employees, including independent contractors located in New York or responsible for business of the firm
  • Less than $5,000,000 gross annual revenue in each of the last three fiscal years
  • Less than $10,000,000 in year-end total assets

*If your firm meets an exemption qualification, you must file that exemption with the Superintendent of Financial Services by September 27, 2017.

How can Sera-Brynn help?

Compliance with 23 NYCRR 500 will be a process that each financial institution in the New York area will have to take on. Our audit and advisory teams focus on providing you with a comprehensive roadmap on how to reach compliance with 23 NYCRR 500. Using a third-party auditor such as Sera-Brynn will help your company properly mitigate and manage risk.

What is our process?

  • Assessment: During this phase, Sera-Brynn will assess what systems are in place and what policies are implemented in business processes.
  • Technical Compliance and Documentation Development: During this phase, Sera-Brynn will first develop and conduct a tailored technical scan of your network. From this, we will be able to develop a Cybersecurity Policy, Risk Assessment, and an Incident Response Plan customized for your company’s needs.
  • Final Assessment and Validation: During the final phase of the process, Sera-Brynn will deliver a comprehensive Plan of Action and Milestones (POAM), a Compliance Status Summary, and a Compliance Assessment Completion Certificate.


    Relevant Deadlines:

    2017.03.01
    23 NYCRR Part 500 becomes effective

    23 NYCRR Part 500 goes into effect. FAQs provided by the NY Department of Financial Services.

    2017.08.28
    180-day transitional period ends

    Covered Entities are required to be in compliance with requirements of 23 NYCRR Part 500 unless otherwise specified.

    2017.09.27
    Initial 30-day period for filing Notices of Exemption under 23 NYCRR 500.19(e) ends

    Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) as of August 28, 2017 are required to file a Notice of Exemption on or prior to this date.

    2018.02.15
    Submit certification

    Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) on or prior to this date.

    2018.03.01
    One-year transitional period ends

    Covered Entities are required to be in compliance with the requirements of sections 500.04(b), 500.05, 500.09, 500.12 and 500.14(b) of 23 NYCRR Part 500.

    2018.09.03
    Eighteen-month transitional period ends

    Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.

    2019.03.01
    Two-year transitional period ends

    Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.