Four Steps to NYDFS 500 Compliance

Jannine Mahone | July 19, 2018
Twitter: @JannineMahoneFS
Year upon year, regulatory responsibilities increase for financial services institutions.
Non-compliance penalties are high. But so is the operational expense of attempting to comply with these new regulations.
The New York Department of Financial Services (DFS) Title 23 of the New York Codes, Rules, and Regulations (NYCRR) Part 500—also known as NYDFS 500 [1]—is a prime example of a new responsibility you now must carry. Since it went into effect last year, on March 1, 2017, you need a plan for meeting the NYDFS deadlines and milestones that minimizes cost and organizational pain.
Since the 2008 financial crisis, banks globally have paid more than $321 billion in fines [2] because they failed to meet the demands of the growing multitude of regulations. But it’s not just the fines that add up. The cost of complying with the ever-growing pile of regulations is growing, too.
Compared to pre-financial crisis spending, the operating costs of compliance have increased by more than 60% [3] for both retail and corporate banks. A full 89% of financial services firms [4] believe compliance costs could more than double within the next five years. Where previously financial services institutions spent 4% of gross revenue on compliance, they expect this to increase to 10% by 2022 [4].
When the NYDFS 500 was announced in February 2017, yet another set of compliance mandates was left at your doorstep.
The goal of the NYDFS 500 is to ensure that all financial institutions maintain certain minimum cybersecurity standards. That’s because the financial services industry remains a prime target of cybercriminals—both internal and external to your organization—who continue to wreak havoc and cause significant losses for DFS-regulated financial institutions as well as the consumers they serve.
Only 14 pages in length, the NYDFS 500 regulation is not overly prescriptive. Instead, it gives you flexibility to assess your company’s particular risk profile and design a cybersecurity program customized to mitigate those risks. Here are a few quick things to know about the NYDFS 500:
Flexibility is good. But the broad nature of the mandate coupled with the lack of details can make NYDFS 500 a challenging regulation to comply with.
Forescout can help. Our solutions help you automate compliance with NYDFS 500 by expertly identifying assets on your network, classifying and assessing device hygiene, and helping you identify and mitigate security gaps. We not only help eliminate potentially hefty fines, but also significantly reduce operational costs.
Here are four steps Forescout recommends to help you roll up your shirtsleeves and get to work complying with NYDFS 500.
Here is where Forescout shines. Our device visibility platform provides insight into all the diverse types of devices connected to your heterogeneous network—from campus and data center networks, to cloud and operational technology ones. You get transparency into your entire network, which helps you identify potential threats unknown devices may pose to your financial data.
Forescout enables you to auto-classify devices—an essential next step in FFIEC compliance—so you can create effective security policies that ensure device compliance, and control access to network resources on a need-to-access basis. Then you can design and build an effective network segmentation program aligned to those policies.
Forescout helps you to tear down security silos and unify security management tools across your infrastructure, making formerly disjointed security products work as one. Our unique set of network, security and management interoperability technologies allow you to accelerate your response to incidents and ensure superior security while realizing significant operational efficiencies. So you not only respond much more quickly to breaches, you do so at lower cost while protecting your existing security investments.
Did you know that one in four firms (26%) [8] say they must dedicate a compliance professional to spend an entire day each week simply tracking and analyzing changes or additions to the regulatory landscape? Small wonder that more than half (53%) expect the cost of compliance [8] to increase in the coming year.
As compliance-related costs and risks continue to rise, financial services firms need to prioritize how to best allocate their resources. One way is to take advantage of the latest tools and technologies that help them leverage their investments in legacy security solutions.
Forescout offers such tools to help you automate compliance with NYDFS 500—without having to rip-and-replace your existing security environment.
For more information on ways to achieve NYDFS compliance, download our “Addressing NYDFS Compliance” solution brief.
[1] https://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf
[2] https://www.reuters.com/article/us-banks-fines/banks-paid-321-billion-in-fines-since-financial-crisis-bcg-idUSKBN1692Y2
[3] https://www2.deloitte.com/us/en/pages/regulatory/articles/cost-of-compliance-regulatory-productivity.html
[4] https://www.gtnews.com/2017/04/27/financial-services-firms-braced-for-spiralling-compliance-costs/
[5] https://www.ffiec.gov/cyberassessmenttool.htm
[6] https://www.nist.gov/cyberframework
[7] https://its.ny.gov/breach-notification
[8] https://risk.thomsonreuters.com/content/dam/openweb/documents/pdf/risk/report/cost-of-compliance-2017.pdf