New York State Cybersecurity Information

This page contains information pertaining to New York State Department of Financial Services 23 NYCRR 500


Vanguard Research & Title Services, Inc. has spent a considerable amount of time reviewing and researching New York’s regulation on CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES and hold the opinion that any party who is a licensed title insurance agent in the State of New York is subject to the regulation.

There are instances where certain parties may be exempt. We have included all exemption criteria below for your reference.*

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES I, Maria T. Vullo, Superintendent of Financial Services, pursuant to the authority granted by sections 102, 201, 202, 301, 302 and 408 of the Financial Services Law, do hereby promulgate Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York, to take effect March 1, 2017.

Section 500.01 Definitions.

(c) Covered Entity means any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.

*Section 500.19 Exemptions.
Limited Exemption. Each Covered Entity with: (1) fewer than 10 employees, including any independent contractors, of the Covered Entity or its Affiliates located in New York or responsible for business of the Covered Entity, or

(2) less than $5,000,000 in gross annual revenue in each of the last three fiscal years from New York business operations of the Covered Entity and its Affiliates, or

(3) less than $10,000,000 in year-end total assets, calculated in accordance with generally accepted accounting principles, including assets of all Affiliates, shall be exempt from the requirements of sections 500.04, 500.05, 500.06, 500.08, 500.10, 500.12, 500.14, 500.15, and 500.16 of this Part.

(b) An employee, agent, representative or designee of a Covered Entity, who is itself a Covered Entity, is exempt from this Part and need not develop its own cybersecurity program to the extent that the employee, agent, representative or designee is covered by the cybersecurity program of the Covered Entity.

(c) A Covered Entity that does not directly or indirectly operate, maintain, utilize or control any Information Systems, and that does not, and is not required to, directly or indirectly control, own, access, generate, receive or possess Nonpublic Information shall be exempt from the requirements of sections 500.02, 500.03, 500.04, 500.05, 500.06, 500.07, 500.08, 500.10, 500.12, 500.14, 500.15, and 500.16 of this Part.

(d) A Covered Entity under Article 70 of the Insurance Law that does not and is not required to directly or indirectly control, own, access, generate, receive or possess Nonpublic Information other than information relating to its corporate parent company (or Affiliates) shall be exempt from the requirements of sections 500.02, 500.03, 500.04, 500.05, 500.06, 500.07, 500.08, 500.10, 500.12, 500.14, 500.15, and 500.16 of this Part.

(e) A Covered Entity that qualifies for any of the above exemptions pursuant to this section shall file a Notice of Exemption in the form set forth as Appendix B within 30 days of the determination that the Covered Entity is exempt.

(f) The following Persons are exempt from the requirements of this Part, provided such Persons do not otherwise qualify as a Covered Entity for purposes of this Part: Persons subject to Insurance Law section 1110; Persons subject to Insurance Law section 5904; and any accredited reinsurer or certified reinsurer that has been accredited or certified pursuant to 11 NYCRR 125.

(g) In the event that a Covered Entity, as of its most recent fiscal year end, ceases to qualify for an exemption, such Covered Entity shall have 180 days from such fiscal year end to comply with all applicable requirements of this Part.

NY Cybersecurity Implementation Timeline

For entities entitled to the limited exemption.


New York State Department of Financial Services 23 NYCRR 500

Cybersecurity Requirements For Financial Services Companies

Vanguard Research & Title Services, Inc.
Vanguard Research & Title Services, Inc. is a full-service research and title insurance provider offering comprehensive real property research, title insurance products, and services throughout the State of New York. If there is a service you require that we do not currently provide, please contact us about building a custom solution for you.
CORPORATE OFFICES:
499 South Warren Street, Syracuse, New York 13202
315-422-6031 | 800-294-3740
Privacy Policy | Rates & Fees | Blog | Newsletter | Contact Us
© 2012- Vanguard Research & Title Services, Inc. All rights reserved.
RESEARCH SERVICES
Abstracts of Title
Court Records
Corporate Services
Government Projects
More…
TITLE SERVICES
Commercial
Residential
Industrial
More…
Vanguard Research & Title Services, Inc. is a full-service research and title insurance provider offering comprehensive real property research, title insurance products, and services throughout the State of New York.
CORPORATE OFFICES:
499 South Warren Street, Syracuse, New York 13202
315-422-6031 | 800-294-3740
OFFICE LOCATIONS
Onondaga County | Oswego County
POLICY ISSUING AGENT FOR
Fidelity National Title Insurance Company
Chicago Title Insurance Company
Old Republic National Title Insurance Company
Commonwealth Land Title Insurance Company
WFG National Title Insurance Company
Licensed New York State Title Insurance Agent: TLA-1361055
© 2012- Vanguard Research & Title Services, Inc.
All rights reserved.
Privacy Policy | Rates & Fees | Blog | Newsletter | Contact Us

We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted promotions. If you continue to use this site, you consent to our use of cookies. Click here to review our privacy policy.