
New Deadline For New York Data-Security Law

September 1 is the next important date to keep in mind for 23 NYCRR §500

In the works since the big data breaches of 2014, including those of Target and Home Depot, 23 NYCRR §500 was a creation of the New York State Department of Financial Services. It was designed to "promote the protection of customer information as well as the information technology systems of regulated entities."

23 NYCRR §500 officially went into effect March 1, 2017, but had a series of rolling deadlines for when organizations had to meet certain requirements. The next important deadline is September 1, 2018. By then, financial institutions must:

  • Keep an audit trail of all financial transactions.
  • Keep that information for at least five years.

Further, regulated data:

  • Must be encrypted.
  • Must be erased when it's no longer needed.

Finally, banks must keep an audit trail of "security events" for three years. Right now, banks are only required to keep such information for 30-60 days. A significant change, and a sign of things to come.

New York state of mind
The audit trail and information retention requirements are meant to ensure that, if critical customer information is stolen or destroyed in a cyber attack, it can easily be recovered. The encryption requirements are meant to ensure that, if data is stolen, it can't be used by the thieves as quickly or as easily. All this is for the benefit of the consumer. But these requirements are also beneficial for the affected financial institutions, which might otherwise view themselves as simply having to bear many new and onerous burdens on their businesses.

Data thefts cost money in the short term, as the company must jump into action, lock down and investigate its operations and practices, and possibly reimburse customers who lose money to resulting fraud. In the long term, a company may lose business due to bad press and the resulting loss of customer trust. Given the new reality of how consumer data rights are being perceived and acted upon by governmental organizations, it's better for businesses to think about compliance not just as a way to stay on the right side of regulators but as a way to thrive moving forward.

Europe's General Data Protection Rule. California's Consumer Privacy Act. Ongoing talks in the Trump administration about potentially sweeping federal data-privacy regulation. Data regulation is here and more is coming. It's not an exaggeration to say there's been an awakening when it comes to data issues, in the US and abroad. The regulation surrounding this new thinking will only continue to pile up and/or evolve.

For the moment, DFS hasn't finalized how it will penalize financial institutions that don't comply with the new law. That will change. Those financial institutions waiting for the other regulatory shoe to drop, so they can get on with their lives, should accept the fact that the shoes have only just begun to drop.

StarCompliance has been at the forefront of the data revolution, designing compliance software and building the secure infrastructure it runs on for nearly 20 years. Clients in more than 50 countries trust Star to keep their own data and client data safe and at the ready. Find out if Star can help your enterprise financial institution thrive now and into the future. Book a FREE demo today.

 

 

 

 

 
