We are pleased to announce the creation of another new resource to help independent insurance agencies comply with the New York financial services cybersecurity regulation. The new tool helps agencies that qualify for the limited exemption identify the requirements that apply to them. It also informs the agency as to which filing it must submit before the April 15 deadline.
Section 500.17(b) of the regulation requires all "covered entities" (New York licensed and chartered companies in the banking, financial services, and insurance industries) to annually submit either a Certification of Material Compliance or an Acknowledgment of Non-Compliance regarding the prior calendar year. The entity must complete and submit the appropriate form on the New York State Department of Financial Services (DFS) website annually by April 15.
This requirement applies to the business entity only; it does not apply to licensed employees of an agency.
Our new resource provides a checklist of the requirements that apply to limited exempt agencies. The list is in the form of several questions for which the answers are either "yes" or "no." If the head of IT for your agency (and that person may well be the agency principal) can truthfully answer "yes" to all the questions, the agency should submit the Certification of Material Compliance.
On the other hand, if the truthful answer to one or more questions is "no," the agency should complete the Acknowledgement of Non-Compliance.
The checklist is an exclusive benefit for Big I New York members. You can find it on the Filing Instructions page in the Cybersecurity section of our website. Because the Cybersecurity section is a benefit that our members pay for, users must log in to the site with their email address and password to access it.
Other resources to help you complete the filing include:
- Video recording or our April 2024 webinar demonstrating how to complete the filings.
- DFS instructions for completing the Certification of Material Compliance.
- DFS instructions for completing the Acknowledgement of Non-Compliance.
Please be aware that neither the agency nor its licensed employees are required to resubmit the Notice of Exemption on the DFS cyber portal unless their circumstances have changed. If nothing has changed, it is unnecessary to complete and submit this form again.