While the New York Credit Union Association understands the need to update security framework in a rapidly evolving world, its leadership believes that addressing the certain issues could assist state-chartered financial services companies with compliance, said William J. Mellin, Association president/CEO, in a comment letter to the New York State Department of Financial Services last week.

Mellin stated that, while the Association appreciates the department’s proposed cybersecurity amendments, they pose both “unrealistic compliance burdens” and a “lack of clear objective criteria.” Mellin outlined specific suggested changes to enable the department to achieve its core goals in proposing the amendments, while doing so in a way that helps financial institutions comply with the regulations in a cost-effective manner.

The comments, sent to Joanne Berman, counsel to the DFS Cybersecurity Division, are in response to updated cybersecurity regulations announced in November 2022, in which a 60-day comment period commenced.

DFS stated that the proposed amended regulations strengthen the agency’s risk-based approach to ensure cybersecurity risk is integrated into business planning, decision-making and ongoing risk management. The original 2017 regulation established a regulatory model that is now used by both federal and state financial regulators.