NY Seeks to Extend Cybersecurity Rules to Credit Reporting Agencies

10/12/17 – New York Department of Financial Services (DFS) issued new proposed regulations which would require credit reporting agencies to register with DFS and comply with New York’s cybersecurity standard.

In a press release, the DFS published the proposed regulations that would place obligations on consumer credit reporting agencies in light of the recent Equifax breach. The proposed regulatrions would also provides DFS the authority to deny and potentially revoke a consumer credit reporting agency’s authorization to do business with New York’s regulated financial institutions and consumers if the agency is found to be out of compliance with the financial services, banking, and insurance laws, and regulations, including engaging in unfair, deceptive, or predatory practices.

Under the proposed regulation, all consumer credit reporting agencies that operate in New York must register annually with DFS beginning on or before February 1, 2018 and by February 1 of each successive year for the calendar year thereafter.  The registration form must include an agency’s officers or directors who will be responsible for legal compliance.

The proposed regulation also subjects consumer credit reporting agencies to examinations by DFS and prohibits the agencies from doing the following:

In addition, the proposed regulation would require credit reporting agencies to comply with DFS’s cybersecurity regulation starting April 4, 2018. DFS’s cybersecurity regulation requires banks, insurance companies, and other financial services institutions regulated by DFS to have a cybersecurity program designed to protect consumers’ private data; a written policy or policies that are approved by the board or a senior officer; a Chief Information Security Officer to help protect data and systems; and controls and plans in place to help ensure the safety and soundness of New York’s financial services industry.

Comments on the proposed regulation may be submitted until November 20, 2017 to:

Eamon Rock, Esq.
New York State Department of Financial Services
One Commerce Plaza
Albany, NY 12257
(518) 474- 4567
email: Eamon.Rock@dfs.ny.gov until

DFS Press Release; Proposed Regulation.

CFPB Releases Spring 2017 Rulemaking Agenda

The CFPB announced the publication its Spring 2017 rulemaking agenda.

Hot Topic: CFPB Cannot Regulate Optional Insurance Sales

Dodd-Frank limits the CFPB's jurisdiction over insurance. Though the CFPB can exercise some authority over insurance activities, their reach should not extend to optional sales by banks.

Hot Topic: A Survey of CFPB's UDAAP Actions

This summary of each enforcement action by the CFPB can help companies avoid UDAAP violations.