DFS reports that its Cybersecurity Portal has been redesigned to assist users with their filings. To ensure that filings are matched to the appropriate Covered Entity or licensed person, DFS requires the use of an identifying number when filing. The identifying numbers are: NYS License number, NAIC/NY Entity number, NMLS number, or Institution number. A look-up feature is included in the portal for anyone who does not know which number to use. As is set forth below, the good news is that if an exemption is still valid with no changes in status of the reporting person or entity, no new filing of an exemption notice is necessary.
Exemptions - If a Covered Entity or licensed person has an exemption that is still valid, they do not need to file a new Notice of Exemption in 2021. If there has been any change in exemption status, regulated entities or licensed individuals should amend or terminate their exemption as soon as possible and have 180 days from the end of the fiscal year in which they cease to be exempt to comply with all applicable requirements of Part 500. A Link to section of the recent clarifying guidance is here.
Certification of Compliance – All Covered Entities and licensed persons who are not fully exempt from the Cybersecurity Regulation are required to submit a Certification of Compliance no later than April 15, 2021, attesting to their compliance for the 2020 calendar year.
Filing Instructions to assist with the process are detailed in the link above.
Receipts - You will receive an email with a receipt number for all filings you complete. The receipt will indicate the year the filing was made. The receipt will also indicate the type of filing made: Notice of Exemption will have a receipt number that begins with the letter “E” and Certifications of Compliance will have a receipt number that starts with the letter “C.” You should maintain a copy of this email in your records for future reference.
Questions about filings should be directed to DFS at email@example.com.