New York revises, delays new cyber rules after industry complaints

By By Jim Finkle Features Reuters

  • Copyright Reuters 2016

    (Copyright Reuters 2016)

  • A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014.  REUTERS/Mal Langsdon

    A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal Langsdon (Copyright Reuters 2016)

New York's financial regulator said on Wednesday it was revising proposed cyber security rules for banks and insurers doing business in the state to incorporate industry feedback, delaying implementation by two months to March 1.

Continue Reading Below

The rules from the New York State Department of Financial Services are being closely watched by financial services firms around the United States because they would be the first of their kind imposed by any state or federal agency.

At a hearing last week before New York state lawmakers, banking and insurance industry representatives complained that the new rules did not distinguish between small and large financial institutions and might conflict with future U.S. government regulations.

The New York regulator has also received more than 150 comment letters from banks, insurers and others in response to its proposed cyber security plan.

The agency said in a statement that it had carefully considered incorporating some of the suggestions into the proposed regulations, which will be finalized following another 30-day review by the industry and public.

"New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information," Financial Services Superintendent Maria Vullo said in the statement.

Continue Reading Below

"This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats," she said.

Reuters last week first reported on the agency's plan to delay the regulations.

(Reporting by Jim Finkle in Boston; Editing by Richard Chang)