New York’s new guidance on third-party service provider cyber risk

Photo: Lisa Maree Williams/Getty Images

The guidance does not impose new requirements; it helps NYDFS-regulated institutions meet existing obligations in light of evolving vendor-related cybersecurity risks.

The New York Department of Financial Services has issued new guidance on cybersecurity risks connected to third-party service providers.

Acting Superintendent Kaitlin Asrow announced it, highlighting the risks related to entities becoming increasingly reliant on third-party service providers (TPSPs).

She said the guidance builds on NYDFS’s ongoing efforts to protect

Free Trial

Register for free to keep reading.

To continue reading this article and unlock full access to GRIP, register now. You’ll enjoy free access to all content until our subscription service launches in early 2026.

Unlimited access to industry insights
Stay on top of key rules and regulatory changes with our Rules Navigator
Ad-free experience with no distractions
Regular podcasts from trusted external experts
Fresh compliance and regulatory content every day

Topics

Latest News

BNP Paribas loses $20m Sudan jury trial, expects reversal on appeal

FINTRAC fines Cryptomus a record C$177m for AML/ATF violations

Update on ESMA final report on ESG ratings technical standards

Topics

Latest News

Risk management over innovation – CD Howe on Canada’s regulatory landscape

Financial services failing Consumer Duty as 45% remain confused by 'simplified' language

Relaxing bank leverage rules carries real risk, BoE warns

Topics

Latest News