N.Y. financial regulator to delay cyber security rules

(Reuters) — New York's financial regulator will delay an anticipated Jan. 1 deadline for banks and insurers doing business in the state to comply with controversial cyber security rules, a person familiar with the matter said.

The regulator, the New York State Department of Financial Services, will publish a revamped version of its cyber security rules in the New York State Register on Dec. 28, the person said.

The new effective date, following a public review period, will be March 1, 2017, the person said.

Banks and insurers have been fighting for an extension of the compliance deadline and other changes ever since the regulator formally unveiled the proposed rules in September.

On Monday, banking and insurance industry representatives voiced their concerns about the rules in a hearing before New York state lawmakers. Among their objections: The rules did not distinguish between small and large financial institutions and would possibly conflict with future U.S. government cyber security rules.

The New York regulator received more than 150 letters from banking and insurance industry groups, among others, in response to the cyber security plan.

Other changes to be included in the revised rules are unclear.