Berwyn Group

NY Cyber Security Regulations

NY Cyber Security Regulations

Berwyn Group Protects Financial Institutions’ Data

As a critical third party service provider to banks and insurance carriers in New York, we are keeping a close eye on 23 NYCRR § 500 “Cybersecurity Requirements for Financial Institutions” published on September 19, 2016 and recently adopted by the New York Department of Financial Services.    To perform death audits and locate missing individuals we work exclusively with Non-Public Personal Information from financial institutions, insurance carriers, government agencies, Third Party administrators, and retirement departments within corporations.  As a result, data security has always been a top priority for us and our clients.   23 NYCRR § 500 requirement to define cyber security policies and protections will help harden financial institutions from cyberthreats. While there is significant overlap with Gramm-Leach-Liley Act (GLBA), Federal Financial Institutions Examination Council (FFIEC), and other security standards, 23 NYCRR § 500 provides minimum standards for both protecting customer data and fortifying sensitive information systems.

Our products are designed to hold as little data as needed for the shortest possible timeframe, unlike some of our competitors that host or store data for the life of the relationship, putting their clients’ data at higher risk.  All data is transferred via secure and encrypted means as well as encrypted at rest.  Once received client data is strictly limited to those that are performing the work.   Our security processes--both from an IT and physical security background--are regularly reviewed and updated to ensure that we are leading the way in cybersecurity.   In addition to our internal focus on security, Berwyn Group also hires an independent CPA to audit our security practices as part of an annual SOC2 audit.  In short, we applaud New York’s focus on cybersecurity and happily meet all of the requirements outlined for third party service providers in 23 NYCRR § 500 (

While the challenge of cyber security is constantly growing and evolving we are happy to partner with financial institutions that are also working hard to protect their clients.  If you are a Berwyn Group client, rest assured that your data is well taken care of.  If you aren’t a client yet, contact us for more information on how we can help you meet your regulatory requirements.