Skip to Content

Here’s Why New York State Is Delaying New Cybersecurity Rules for Banks

December 28, 2016

The U.S. flag hangs on the facade of the Federal Reserve BanThe U.S. flag hangs on the facade of the Federal Reserve Ban
The U.S. flag hangs on the facade of the Federal Reserve Bank of New York headquarters.Photograph by Daniel Acker—Bloomberg via Getty Images

New York’s financial regulator said on Wednesday it was revising proposed cyber security rules for banks and insurers doing business in the state to incorporate industry feedback, delaying implementation by two months to March 1.

The rules from the New York State Department of Financial Services are being closely watched by financial services firms around the United States because they would be the first of their kind imposed by any state or federal agency.

At a hearing last week before New York state lawmakers, banking, and insurance industry representatives complained that the new rules did not distinguish between small and large financial institutions and might conflict with future U.S. government regulations.

The New York regulator has also received more than 150 comment letters from banks, insurers, and others in response to its proposed cyber security plan.

The agency said in a statement that it had carefully considered incorporating some of the suggestions into the proposed regulations, which will be finalized following another 30-day review by the industry and public.

Get Data Sheet, Fortune’s daily technology newsletter.

“New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information,” Financial Services Superintendent Maria Vullo said in the statement.

“This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats,” she said.

Reuters last week first reported on the agency’s plan to delay the regulations.