NYDFS 500 Compliance

The financial industry is under cyber siege. Because of this, NYDFS is leading the way with stricter cybersecurity regulations. These address the increasing number of cyber attacks on the financial industries. NYDFS Compliance Regulation (23 NYCRR 500) created cybersecurity rules for financial services companies.

The NYDFS supervises banks, insurance companies, and other financial service companies. For example, more specific companies are: 

  • Credit Unions
  • Health Insurers
  • Investment Companies
  • Licensed Lenders
  • Private Bankers
  • Offices of Foreign Banks
  • Commercial Banks
  • Life Insurance Companies
  • Mortgage Brokers
  • Savings and Loans Associations

NYDFS Compliance required by June 1, 2020.

NYDFS regulations can mean potential fines – up to $500,000 in less than a week.


For example, these large fines can add up quickly:

  • $2,500 per day while a violation continues
  • $15,000 per day for reckless or unsound practices
  • $75,000 per day for a knowing and willful violation

Being NYDFS exempt does NOT mean you are EXCUSED

NYDFS 500 allows certain covered entities to be exempt from not having to meet some 23 NYDFS 500 cybersecurity regulations. For more information about NYDFS exemption status click here.

Many entities with exemption status may not know they are still required to complete a risk assessment. In addition, they must revise policies and procedures, publish a Third Party Provider Security Policy and document a cybersecurity program.  As a result, those that comply can avoid possible fines and penalties.

CyberCompass® simplifies the confusing and frustrating requirements for NYDFS 500 compliance. We make it simple, easy and affordable.

As a result, CyberCompass® automated compliance software gives you fast, effective solution. Protect your business and clients with NYDFS compliance by the June 1, 2020 deadline.

We have built solutions for EXEMPT and NON-EXEMPT companies.

CyberCompass® automates NYDFS 500 compliance with built-in expertise that translates  government requirements into layman’s terms. It does most of the heavy lifting to streamline NYDFS compliance workflow. Because of this, you can meet the June 1, 2020 deadline.

It is cloud-based, so it can be accessed anywhere with no software download. Most importantly, you don’t have to be a NYDFS or cybersecurity expert to use CyberCompass®.

Our automation can save your firm over 400 hours throughout the twelve-month subscription. 

Get and Stay NYDFS Compliant

  • Answer one set of simple yes/no questions that meets NYDFS & CIS-20
  • Flexibility to start and stop – CyberCompass® saves your progress
  • Compliance gap report – easily see where you need improvements
  • Built in step-by-step guide to fix issues
  • CyberCompass® online vault saves your “body of evidence” in one place
  • Monitor your compliance for 12 months with dashboards and reporting

See our NYDFS compliance and CyberCompass® Frequently Asked Questions to learn more.

CyberCompass® is now being offered to all eligible ELANY members at no cost. If you are an ELANY member, click here to activate your FREE account.