New York State Department of Financial Services Cybersecurity Regulation Compliance

Apr 12, 2024

ALBANY, NY | At The Towne Law Firm, we’re dedicated to keeping you informed about critical regulatory changes affecting your business. Recently, the New York State Department of Financial Services (DFS) rolled out significant updates to cybersecurity compliance requirements, impacting businesses like yours.

Back in 2017, DFS introduced cybersecurity regulations under 23 NYCRR Part 500, commonly referred to as “the Cybersecurity Regulation.” Since then, these regulations have evolved to address the ever-changing cybersecurity landscape.

Coverage: If your dealership operates under licenses or authorizations governed by the Banking Law, Insurance Law, or Financial Services Law, you fall under the category of “Covered Entities” and must comply with these regulations.

Resource Center: To facilitate compliance, DFS offers a comprehensive Resource Center with industry guidance, FAQs, and detailed instructions for cybersecurity-related filings. You can stay updated on regulatory guidance by subscribing to email alerts here: New York State Department of Financial Services (

Amended Regulation: DFS announced amendments to the Cybersecurity Regulation on November 1, 2023, aimed to strengthen cybersecurity governance and protections for New York businesses and consumers. Key changes include enhanced governance requirements, additional controls to prevent cyberattacks, more frequent risk assessments, updated notification rules (including reporting ransomware payments), and mandatory cybersecurity training programs. These regulations hold DFS-regulated businesses accountable for implementing appropriate cybersecurity measures and reflect New York’s commitment to leading the nation in cybersecurity policy. You can access final regulatory documents here: Regulatory Activity – Financial Services Law | Department of Financial Services (

Training Resources: To support your compliance efforts, DFS provides training materials such as presentations, videos, and checklists which can be found here: Cybersecurity Resource Center | Department of Financial Services (

Key Compliance Dates: The amended regulation introduces phased compliance requirements. Covered entities have 180 days from adoption to comply, or until April 29, 2024, with some provisions offering extended timelines.

Meet Our Team Leads

Attorney Marc

Attorney Marc Roman provides a variety of cybersecurity, data protection, privacy and information technology services to clients. He is skilled at creating and implementing preventative policies, processes and procedures that are tailored to minimize security risks and comply with applicable cybersecurity laws based upon each client’s specific needs. Marc is an Adjunct Professor at Albany Law School where he teaches courses covering cybersecurity laws, privacy laws, and their application to telecommunications, marketing, workplace and employment issues, as well as civil litigation and governmental law enforcement investigation matters.

Half body shot of Atty. JamesJim Towne has been an integral partner to scores of dealers throughout the Northeast, providing a broad range of legal services, strong business advice and counsel. He has worked at the request of both factory representatives and floor plan lenders to extricate a variety of dealers from the problems presented by a changing economic landscape over the past 40 + years.

Ensure your dealership is on track to meet compliance deadlines! Contact Us Today!

Already filed? Should the need for an audit ever arise, rest assured, we’re here to support you every step of the way, navigating the process with expertise and dedication to safeguard your interests.

The Towne Law Firm, P.C. attorneys are recognized authorities in automobile dealership legal issues, regulation and litigation in New York, Vermont, and across the Northeast.