The New York State Department of Financial Services has extended the comment period on its cybersecurity amendments until Thursday, Aug. 18, and the New York Credit Union Association is seeking input as it prepares its response.

In 2017, New York state enacted its “first-in-the-nation” Cybersecurity Regulation, which goes beyond existing federal requirements. This regulation applies to any state-licensed or chartered institution and their affiliates and DFS requires regulated entities to certify on an annual basis that they are complying with this regulation.

The proposed regulation makes several changes to the existing framework. It creates a new category of large class-A institutions, which will have to undergo periodic independent cyber audits. It also makes some important technical changes regarding the ability of all credit unions to encrypt personal data.

Henry Meier, the Association’s SVP/general counsel, further breaks down the proposed changes in this blog post, New York State Proposes Key Amendments to Cybersecurity Reg, earlier this month.

The Association invites comments from credit unions, particularly on the more technical aspects of the proposal.  If you or a member of your IT team has any insights, please email them to henry.meier@nycua.org by 12 p.m. on Wednesday Aug. 17.