On January 27, 2017, the Securities Industry and Financial Markets Association (SIFMA), the American Bankers Association (ABA), BITS — the technology policy division of the Bank Policy Institute (commonly referred to as “BPI,” formed in 2018 following the merger of The Clearing House Association and the Financial Services Roundtable) — and the Financial Services Sector Coordinating Council (FSSCC) submitted a comment letter to the New York State Department of Financial Services (NYDFS) regarding the agency’s proposed rulemaking on cybersecurity requirements for financial services companies (the “Proposal”).

The letter requests consideration of three essential revisions:

1. Application of the Proposal to foreign entities;
2. The Proposal’s Risk Assessment requirements; and
3. Implementation impracticalities and unintended consequences stemming from the Proposal, including the Proposal’s current considerations regarding encryption.