DFS outlines best practices for managing vendor risks

The New York State Department of Financial Services (DFS) has released new cybersecurity guidance aimed at addressing risks linked to the growing reliance on third-party service providers (TPSPs) by financial institutions.

Acting Superintendent Kaitlin Asrow announced the guidance as part of DFS’s continued efforts to safeguard New Yorkers and regulated entities under its nationally recognised cybersecurity framework.

The guidance emphasises that while third-party providers play a crucial role in driving innovation and operational efficiency across financial services, accountability for data protection and risk management remains firmly with the regulated entities themselves. It seeks to clarify existing obligations under DFS’s cybersecurity regulation rather than impose new requirements, offering firms a clearer understanding of expectations and best practices when managing third-party risks.

DFS Acting Superintendent Kaitlin Asrow said, “While third-party service providers have driven innovation and enabled significant efficiencies in our financial system, regulated entities are still ultimately accountable for protecting consumers and managing risk. To ensure the safe and secure operation of financial services and the protection of nonpublic information, entities must establish and maintain appropriate internal risk management controls when using third-party service providers.”

The guidance serves as a reminder that financial firms must maintain robust internal risk management controls and conduct thorough due diligence when outsourcing functions to external partners. It also highlights the importance of implementing strong governance frameworks and contractual protections to mitigate the potential for cybersecurity incidents that could compromise consumer data or disrupt financial operations.

This latest publication builds upon DFS’s long-standing leadership in cybersecurity regulation, reinforcing its commitment to ensuring the financial ecosystem remains resilient amid evolving technological threats and dependencies.

Copyright © 2025 FinTech Global
