Are you doing everything you can to protect your data? Mergers and acquisitions (M&A) activity, new technologies, and consumer demand for mobile technology all increase the risk to financial services.
Financial services is one of the most targeted industries, so it makes sense to have a strategy that everyone can get behind – from the board to customer-facing employees.
Sera-Brynn helps you minimize risks and develop tailored security programs to meet GLBA and the Safeguards Rule, the NAIC Model Law, FFIEC, and 23 NYCRR 500.
Our Managed Compliance services, Fractional CISO, and assessments are designed to improve your cybersecurity and transform your risk profile.
Learn more about Sera-Brynn’s compliance services for banks, insurance companies, and financial institutions with an initial consult.
GLBA and the Safeguards Rule
A lot has changed since the Gramm-Leach-Bliley Act was introduced in 1999. For financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – information-sharing and privacy practices are more complex than ever. A readiness assessment can minimize your risks and help you plan ahead for proposed upgrades to the Safeguards Rule, state-level privacy initiatives, GDPR, and more.
Read our blog post on upcoming changes to the Safeguards Rule.
23 NYCRR 500 sets a baseline for banks and insurance companies doing business in New York to protect information. The regulation includes core requirements like multi-factor authentication, training, incident response, and access controls. Notably, organizations must appoint a Chief Information Security Officer, or CISO.
The Insurance Data Security Model Law is based on 23 NYCRR 500 and applies to regulated insurance entities. The model law remains only a guideline until each U.S. state adopts it; South Carolina was the first state to do so. Even in states where the model hasn’t been adopted, agents and insurers now have guidelines to use when planning risk initiatives and looking at ways to protect consumer data appropriately.