New York Institutions: Exemption from Cybersecurity Regulations Sought by Bond Granted in Final Regulations Issued by Department of Financial Services

February 22, 2017

Last month, Bond, Schoeneck & King  sought  an exemption from cybersecurity regulations proposed by the New York State Department of Financial Services (DFS) for colleges, universities and other charitable organizations that would have been covered under the regulations solely because they operate charitable gift annuity programs.  Joined by the Commission on Independent Colleges and Universities, Bond submitted a letter to DFS urging adoption of the exemption noting, among other reasons, that the proposed regulations, designed for large financial institutions such as banks, would impose an exceptional financial and administrative burden on institutions and organizations unrelated to their mission, size, resources or operations. Moreover, as set forth in the letter, these organizations are already covered by other cybersecurity laws and regulations.

We are pleased to report that the Final Regulations, issued by DFS on February 16, 2017, granted this exemption. As a result, hundreds of institutions, ranging from some of the largest universities, museums, social service and religious organizations in the State to smaller social service and advocacy organizations, are exempt and need not comply with the regulations.