Does NY’s cybersecurity regulation apply to your credit union?
With the recent ransomware attack demonstrating how vulnerable the world is to cyberattacks, I spent part of my weekend looking back over NY’s regulations and to whom they apply to. These regulations took effect in March, but there is a six month transition period, with some requirements being phased in over the next year.
What follows is one man’s opinion and not a substitute for consultation with your own counsel and compliance team.
NY’s regulations apply to “any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” This definition clearly applies to state chartered credit unions and CUSO incorporated or licensed in New York State, such as a mortgage banking or title insurance business.
What if you have a federally chartered credit union that makes mortgage loans? Here is where people part ways with my analysis. Even though originators working for banks and credit unions are exempt from state licensing requirements under Section 12C of the banking law, they still must be registered with NYS as loan originators. (N.Y. Banking Law § 599-c(3)(a) (McKinney). On its face the regulation is broad enough to be triggered by this requirement.
continue reading »