The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency.
The announcement from the Superintendent of Financial Services of the State of New York recognizes that COVID-19 may present compliance challenges for regulated entities and covered persons in meeting reporting obligations. The deadline for submission of the 2019 “Certifications of Compliance” and transaction monitoring and filtering programs is extended from the statutory deadline of April 15, 2020 to June 1, 2020. Under the regulations, covered entities are required to submit annual statements certifying their compliance with the Cybersecurity Regulation for the prior calendar year, and must maintain records supporting the certification for five years.
This announcement does not apply to any extension of the 72-hour notification of a cybersecurity event, therefore regulated entities and covered persons should ensure that security programs are in place and operational for “work-from-home” employees for the duration of this event. Also, this announcement does not apply to the requirement issued by NYDFS cryptocurrency firms to submit cybersecurity plans by April 9 as we discussed here.