NYDFS Puts Additional Regulatory Burdens on Bitcoin Sector

The New York Department of Financial Services (NYDFS) has published a new draft cybersecurity regulation that might have a direct or indirect impact on the growth of the state’s Bitcoin industry.

Touted as a regulation that would limit consumers’ exposure to cyber attacks, the proposed rule is likely to put additional legal burdens on New York’s freshly brewing Bitcoin sector. The state’s FinTech entrepreneurs were already having trouble complying with the draconian BitLicense law.

Nevertheless, the new regulation is supposed to be the first of its kind in the entire United States, proposed to counter the “growing threat” from terrorists and other criminal organizations.

“This regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities,”

— states the introductory section of the new cybersecurity requirements draft.

For starters, the Bitcoin industry never wanted to collect customer information in the first place but was forced to do so by the BitLicense. Now, the very same department seems to be imposing additional regulations to address a potential problem that never existed before BitLicense.

Compliance Requirements for the New Cybersecurity Regulation

According to the proposed regulation, companies will be required to assess their risk profiles and design a program to address those risks. Financial services companies in the State of New York will be required to draft a cybersecurity policy for their respective organizations to address the following areas:

(a) information security; (b) data governance and classification; (c) access controls and identity management; (d) business continuity and disaster recovery planning and resources; (e) capacity and performance planning; (f) systems operations and availability concerns; (g) systems and network security; (h) systems and network monitoring; (i) systems and application development and quality assurance; (j) physical security and environmental controls; (k) customer data privacy; (l) vendor and third-party service provider management; (m) risk assessment; and (n) incident response.

In addition to an extensive policy, financial institutions, including Bitcoin companies, will be required to appoint a Chief Information Security Officer. According to NYDFS, the cybersecurity proposal will take effect at the beginning of next year (January 1, 2017).

The complete proposal is available for download here. The department has given a 45-day notice for public comments on the new draft cybersecurity proposal, starting September 28, 2016.

Whether this proposal will be implemented in its original form will be known by the end of the 45-day notice period. Either way, the financial services industry can’t escape the additional burden imposed by the state’s financial services department. Will the new cybersecurity proposal lead to more Bitcoin companies moving out of New York state? Provide your comments below and keep the discussion going.

Ref: NYSDFS