23 NYCRR 500 DFS Law – The 2023 Changes All Independent Insurance Agency Owners MUST Know To Be In Compliance

In November, the Department of Financial Services sent out an updated notification on their proposed amendments to their Cybersecurity Regulation: 23 NYCRR 500. These amendments will go into affect within the first quarter of 2023.

You can read our prior update on the amendments here.

23 NYCRR 500. These amendments will go into affect within the first quarter of 2023

You can read a brief summary of items you must comply with as a filing entity here.

As an Independent Insurance Agency, you are required to comply with DFS Law if you have 1 (one) NY based insured or connected firm/third-party company.

Among the new amendments, changes include the creation of “Class A Companies” for larger entities, with their own set of heightened regulations.

For regular covered entities, such as Independent Insurance Agencies, you must now ALSO have:

Regulated entities must file Certification of Compliance for calendar year 2022 by April 15th 2023 and must also file Compliance with new amendments within 30 days once active. 

Enhanced regulations include that if a covered entity fails to implement just 1 (ONE) part of the necessary compliance regulations, they are not counted as being within compliance and therefore failing to adhere to the law.  

When your agency falls victim to a hacker or a breach, this means you will face increased penalties for not being properly within compliance standards. 

Insurance Companies must take steps to ensure that their cyber programs are compliant with not only the current regulations but also with proposed changes in full.

Entities can only become LIMITED EXEMPT, which means any will still need to comply with most of the regulations regardless.

We at Motiva Networks can help prepare your company to be DFS Compliant. We are the only IT Firm that can assure compliance with both Insurance and State Department Cybersecurity Regulations. Our Compliance as a Service is a “Done For You” compliance assurance where we hit every bullet point the law requires, and we monitor your systems for cyberattacks 24/7/365. 

Claim your FREE Cybersecurity Risk Assessment today or schedule a quick 10 minute phone call so we can answer any questions directly: 646-374-1820.