Captive owners in the US should take note of developments related to the new cyber compliance law in New York, warned Bruce Wright of Sutherland, Asbill & Brennan.
Speaking on the hot topics panel alongside Tom Jones of McDermott Will & Emery at the World Captive Forum, Wright explained that as the National Association of Insurance Commissioners (NAIC) has adopted a similar cyber compliance model all US captive owners need pay attention.
The New York Cybersecurity Regulation (NYCRR), which became effective 1 March 2017, requires financial services companies to adopt a cybersecurity programme that “ensures the safety and soundness of the institution and protects its customers”.
According to Wright, while it is no bad thing for the industry to have to be more careful concerning cyber security, captives in New York have had issues with complying to the stringent regulations, which emphasise the protection of electronically maintained non-public information.
Wright said: “All of you are sitting out there saying ‘I can ignore it, I’m safe, I’m in someplace else, however, do take note that the NAIC has adopted a model cyber law, which is very similar to the New York law. So, this may be coming to a theatre near you in the near future.”
He continued: “The question is how all the other states are going to deal with this. We are going to likely see this go through the country and the question is how are the jurisdictions with captive laws going to respond with regards the operations of captives when and if these laws are adopted.”