NYFDS Published Two Industry Letters Addressing Cybersecurity

Staff Editor 2026-06-09
NYFDS Published Two Industry Letters Addressing Cybersecurity

NYFDS Published Two Industry Letters Addressing Cybersecurity

https://natlawreview.com/article/nydfs-issues-dual-guidance-heightened-cybersecurity-threats-frontier-ai-risks

Publish Date: 2026-06-09 18:35:00

Source Domain: natlawreview.com

On May 21, 2026, NYDFS published two related industry letters addressing cybersecurity preparedness for DFS-regulated financial institutions, insurers, and money transmitters. The first, titled Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment (the Guidance), provides a structured menu of defensive measures entities should consider when cybersecurity risks become significantly elevated. The second, titled Heightened Cybersecurity Risks Associated with Frontier AI Models (the Advisory), warns that certain AI models capable of identifying vulnerabilities and exploits at unprecedented speed and scale will soon become more widely available, and directs entities to prepare now. The two documents are designed to work together: the Advisory identifies the threat, and the Guidance provides recommendations on how to respond.

Neither publication creates binding requirements. Both documents state explicitly that they do not alter the obligations under Part 500. The Guidance frames its recommendations as measures entities “should consider” adopting based on their “unique circumstances and operations.” The Advisory states it is “intended to inform Regulated Entities’ risk management and compliance efforts.”

That said, NYDFS has a well-established pattern of publishing non-binding guidance that later becomes the benchmark in examinations and enforcement. NYDFS may evaluate whether an entity considered these measures, documented its reasoning, and updated its risk assessment accordingly.

Scope

The Guidance applies broadly to all NYDFS-regulated organizations and individuals, using the same jurisdictional reach as Part 500. (As a reminder, the scope of Part 500 changed when regulatory amendments recently went into effect.) Any entity required to hold an NYDFS license falls within its scope, including but not limited to licensed lenders, insurance companies, insurance producers, money transmitters, mortgage…

Source

More Stories

Conan O’Brien Is Hosting Educational Videos For An AI Cybersecurity Company

Conan O’Brien Is Hosting Educational Videos For An AI Cybersecurity Company

Staff Editor 2026-06-09
UW-Superior launches cybersecurity program to meet growing workforce demand

UW-Superior launches cybersecurity program to meet growing workforce demand

Staff Editor 2026-06-09
Federal vulnerability management is stuck. A patch wave is coming anyway.

Federal vulnerability management is stuck. A patch wave is coming anyway.

Staff Editor 2026-06-09

Terms and Conditions - Privacy Policy