If a DFS exam letter
arrived tomorrow, would
your agency be ready?

Cybersecurity, IT, and 23 NYCRR 500 compliance built
for New York Insurance agencies. Your first call is with
our CEO, a DFS-approved instructor.

Book a 30 min NYCRR 500 readiness call

30 min - Confidential

No obligation

You speak with Walter directly

TRUSTED ACROSS NEW YORK’S INSURANCE COMMUNITY

WHAT IT LOOKS LIKE

This is what happens when DFS
comes knocking
We've helped agencies through the real thing. The documents
below are redacted versions of letters and questionnaires our
clients have received from the New York State Department of
Financial Services.
1
The letter arrives
An examiner sends a First Day Letter requesting documentation, evidence, and policies.
2
You have ~14 days
You must produce a written program, risk assessment, IR plan, training records, and vendor inventory.
3
Findings & consequences
Gaps lead to corrective action plans, fines, or in serious cases, license risk.

IN PLAIN ENGLISH

What DFS will expect you to
prove, not just claim.
Most agencies filed their certification. Few are prepared to prove it. These are
the controls DFS expects you to produce, document, and defend during an exam.
500.02
Written cybersecurity program
Documented policies, procedures, and controls covering your agency.
Drafted, maintained, renewed anually
500.04
CISO designation
A person responsible for overseeing the cybersecurity program.
We act as your CISO of record.
500.09
Risk assessment
Annual, documented review of risks to nonpublic information.
Annual, regulator-ready.
500.12
Multi-factor authentication
MFA on email, VPN, and privileged access.
Deployed and monitored.
500.15
Encryption of NPI
Data encrypted in transit and at rest, with key management.
Configured agency-wide.
500.16
Incident response plan
Written plan, tested, and ready to execute.
Tabletop drilled annually.
500.11
Third-party oversight
Vendor inventory, due diligence, and ongoing monitoring.
Vendor packets delivered.
500.14
Cyber awareness training
Periodic training for all personnel and management.
Our SAP with manager portal.
500.17
Annual certification
Filed each year with the Superintendent through the DFS portal.
We prep, you sign.

why motiva

Most IT firms know IT. We know
what DFS auditors actually ask for.
Three reasons NY agencies move from a generic MSP to Motiva.
DFS-approved
Walter is a DFS-approved instructor.
Few (if any) competing MSPs in New York can say this. Walter is approved by the Department of Financial Services to teach licensed insurance professionals.
Documented program
Policies, evidence, board reports. Not just controls.
We deliver the artifacts regulators ask to see: written cybersecurity program, risk assessment, board reports, audit cycles, and a multi-year maturity roadmap.
Audit-tested
100%
Audit pass rate across Motiva insurance and mortgage clients. Two-plus years. Zero fines. Zero violations.

Your first call is with Walter, not a sales rep.

For 25 years, Walter Contreras has helped New York insurance agencies, mortgage lenders, and financial firms strengthen cybersecurity, reduce operational risk, and meet 23 NYCRR 500, without confusion or overwhelm.

A graduate of Columbia Business School, a cybersecurity practitioner, and a DFS-approved instructor, Walter doesn't run sales calls. He runs working sessions.

Book a working session with Walter

WHAT YOU GET

What working with Motiva
actually looks like.

No hoops. No confusion. Just clear ways to
get what you need.

1
Managed IT & infrastructure
Reliable support, proactive maintenance, and predictable performance for producers, CSRs, and remote staff.
2
Cybersecurity protection
Endpoint security, identity, MFA, monitoring, and rapid response.
3
DFS compliance program
Written program, risk assessment, vendor management, IR, board reports, and annual certification.
4
Security Awareness Program
Manager portal, employee onboarding checklist, FAQ, phishing tests, built for non-technical staff.

Results you can measure.
Trusted by the best.

+100
98%
First contact resolution
2+ yrs
Perfect compliance track record
100%
Client audit pass rate
“Motiva stands out for its exceptional communication, deep technical expertise, and genuine commitment to client satisfaction. Their team takes the time to understand issues, explains solutions clearly, and follows through — something we’ve never experienced with other IT providers.”
Robert Stone
Managing Director - Stone Insurance
“Motiva is consistently available, proactive, and dependable. Their ability to support remote work without disruption during critical moments made a real difference for our team.”
Ellen Zuckerman
Interstate Home Loan Center, Inc.
“Walter’s cybersecurity reviews provide independent, expert insight that helps organizations identify weaknesses early and take proactive steps to prevent serious cyber events.”
Anthony DeFede
TCE Insurance Services, Inc.

THE RESULTS

What it's like to run an agency
that's already compliant.
1
Exam letters become forwards,
not fire drills.
You forward the email to Motiva. We assemble the response. You sign.
2
Carrier and partner audits
answered in days.
The evidence is already organized. Documentation is current. You don't lose a week.
3
Your team grows on systems that just work.
Producers, CSRs, and remote staff stop being IT's bottleneck. You focus on selling.

IN PLAIN ENGLISH

23 NYCRR 500, translated for
agency owners.
DFS lays out what your agency must have. We translate each
requirement into a one-line "what Motiva does for you."
Do I really fall under 23 NYCRR 500? +
Most NY-licensed insurance agencies do. We'll confirm your status (and whether a limited exemption applies) on the readiness call.
What if I already have an MSP? +
We work with agencies that have an existing MSP. In many cases we co-manage compliance and security while your current provider keeps day-to-day support.
How long does a typical engagement take? +
Initial readiness assessment: 2–3 weeks. Documented program in place: 60–90 days. Annual cycle: ongoing.
Will switching to Motiva disrupt my agency? +
No. We work alongside your current setup, document what's already in place, and close gaps with minimal user-facing change.
What does the Security Awareness Program look like for my staff? +
A short onboarding module, monthly micro-training, simulated phishing, and a manager portal that tracks completion. Built for non-technical staff.
What if I already submitted my annual DFS cybersecurity certification? +
Submitting your annual certification is only an attestation — not proof of compliance. During an examination, DFS may issue a First Day Letter requesting documentation, evidence, and supporting records for everything you certified.

YOUR NEXT 30 MINUTES

Find out where your agency
actually stands.
A focused 30-minute review for NY insurance agencies. No pitch, no pressure, just clarity.
• Your current technology and security
environment
• Where compliance and security gaps may exist
• Which regulations apply to you (DFS, FTC Safeguards, etc.)
• Common risk areas often overlooked in NY agencies
• A clear next step — even if it isn't Motiva
30 min · Confidential · No obligation
Book a NYCRR 500 Readiness Call
Book my call
You'll speak directly with Walter Contreras, Motiva's CEO and a
DFS-approved instructor.
ABOUT US
Managed ITPrivacy PolicyTerms and ConditionsAccessibility StatementBlogs
Resources
NY DFS Compliance HubCybersecuritySolutionsStateRemote Session
Contact Us
1100 Franklin Avenue,
Garden City NY 11530 info@motiva.net (646) 374-1820
© 2026 Motiva Networks – All Rights Reserved.