NY | ALL resident and non-resident insurance firms must file a Certification of Compliance with New York’s cybersecurity regulation [Section 500.19(b)] by February 15, 2018. Certifications that were filed in 2017 MUST BE refiled. Individuals who previously qualified for exemption because their agency maintains a cybersecurity compliance program [per Section 500.19(b)] do not need to file.
On January 8, 2018, the Excess Lines Association of New York (ELANY) published its Bulletin No. 2018-02, which outlines the 2018 compliance requirements with which licensees must be in FULL compliance by February 15th. The bulletin also lists which requirements still apply to licensees who filed for the “limited” exemption under Section 500.19(a).
The bulletin also lists requirements above and beyond the filing for a Certification of Compliance which licensees must meet by March 1, 2018.
NOTE: Although ELANY is providing helpful information regarding New York’s cybersecurity regulation, the regulation DOES NOT apply exclusively to surplus lines licensees. ALL New York insurance licensees are subject to this regulation.