Which financial institutions must comply with NYDFS 23 NYCRR 500?

All entities operating under a DFS license in New York: state-chartered banks, credit unions, insurance companies, licensed lenders, mortgage servicers, money transmitters, check cashers, virtual currency businesses, and premium finance agencies. Federal banks with national charters (OCC-supervised) are generally not DFS-licensed, but many NY-headquartered financial institutions hold DFS licenses alongside federal charters and must comply.

What makes an institution a 'Class A' entity under the 2023 NYDFS amendments?

Class A entities have 2,000 or more employees (including affiliates), $1 billion or more in annual gross revenue (including affiliates), or $5 billion or more in year-end total assets (including affiliates). Class A entities face enhanced obligations: independent cybersecurity audit, quarterly board reporting on cybersecurity, and senior officer attestations. Mid-size regional banks and insurers with affiliates frequently qualify as Class A.

Do AI and ML systems count as 'information systems' under 23 NYCRR 500?

Yes. DFS defines information systems as any electronic system used to access, transmit, store, or process information. AI/ML models processing customer financial or health data are information systems. AI training datasets containing nonpublic information (NPI) are covered. Inference pipelines, model serving infrastructure, and AI API integrations that touch NPI are all within scope and must implement 23 NYCRR 500 controls.

How long must AI decision audit trails be retained under NYDFS?

23 NYCRR 500.06 requires audit trails for 5 years for data supporting financial transactions and 3 years for other cybersecurity event data. AI systems making or contributing to financial decisions (loan approvals, insurance underwriting, fraud determinations) require 5-year retention. The audit trail must record every AI inference accessing NPI: model version, input categories, output, timestamp, and downstream action. DFS examiners specifically review whether AI audit trails are sufficient to reconstruct automated decisions.

What does the NYDFS independent audit cover for AI-intensive institutions?

Class A entities must conduct an independent annual cybersecurity audit. DFS examiners have reviewed AI/ML systems as part of cybersecurity audits, including: AI risk assessment completeness, model versioning and change control processes, audit trail sufficiency, access controls for AI infrastructure, third-party AI vendor risk management, and whether the CISO has visibility into all AI systems processing NPI. The audit is independent — meaning it cannot be conducted solely by the team responsible for AI operations.

How does NYDFS 23 NYCRR 500 compare to OCC SR 11-7 model risk management?

Both apply to financial institution AI but with different focus areas. NYDFS 23 NYCRR 500 is a cybersecurity regulation — it covers AI as an information system that must be secured: access controls, audit trails, incident notification, and breach prevention. OCC SR 11-7 (and its Federal Reserve counterpart) is a model risk management framework — it covers AI as a model that must be validated: development governance, validation documentation, ongoing monitoring, and inventory. AI systems at DFS-licensed institutions face both frameworks: cybersecurity controls under 23 NYCRR 500 and model validation under SR 11-7 (or equivalent).

How does Tenet AI support NYDFS 23 NYCRR 500 compliance for financial AI?

Tenet AI provides the 5-year immutable audit trail required by 23 NYCRR 500.06 for AI systems processing nonpublic information. Every inference is logged with model version, input data categories, output, and timestamp in a tamper-evident record. Tenet's anomaly detection supports the 72-hour incident notification requirement by identifying unusual AI decision patterns that may signal a security event. For Class A board reporting: Tenet's decision analytics provide the AI risk metrics (anomaly rate, model drift, override frequency) that CISOs need for quarterly board cybersecurity presentations.

NYDFS 23 NYCRR 500 Cybersecurity Regulation for AI/ML Systems: What DFS-Licensed Institutions Must Do

Q: What AI security events require 72-hour DFS notification?

Material cybersecurity events must be reported within 72 hours of determination. AI-specific events likely requiring notification: unauthorized access to AI training data or model infrastructure; model poisoning attacks corrupting AI financial outputs; adversarial attacks on fraud detection AI causing quantifiable financial loss; third-party AI model provider breaches exposing NPI transmitted via API. The 72-hour clock starts at the materiality determination, not at discovery — covered entities need a defined AI incident materiality assessment process.

New York Department of Financial Services (NYDFS) 23 NYCRR 500 cybersecurity regulation applies to all DFS-licensed entities — banks, insurers, money transmitters, mortgage servicers, and licensed lenders — operating in New York. The 2023 amendments created tiered obligations: Class A entities (2,000+ employees, $1B+ revenue, or $5B+ assets) face enhanced requirements including independent cybersecurity audits and quarterly board reporting. AI and ML systems used in financial operations are within scope as "information systems" containing "nonpublic information." Key AI-specific obligations: risk assessment before AI deployment, 5-year audit trail retention for all AI decisions involving nonpublic information, 72-hour incident notification for material AI security events, and annual penetration testing of AI infrastructure. DFS enforcement has produced fines exceeding $100M in individual actions.

Which Entities Are Covered and What Is a "Class A" Institution

23 NYCRR 500 applies to any person operating under a license, registration, charter, certificate, or similar authorization under New York Banking Law, Insurance Law, or Financial Services Law — covering state-chartered banks, insurance companies, money transmitters, licensed lenders, mortgage loan servicers, and check cashers. Class A entities under the 2023 amendments are those with 2,000 or more employees (including affiliates), $1 billion or more in annual gross revenue (including affiliates), or $5 billion or more in year-end total assets (including affiliates). Class A entities face enhanced cybersecurity requirements beyond the baseline: independent annual audits, quarterly board reporting on cybersecurity, and senior officer attestations. AI-intensive financial institutions should determine their Class A status at the outset — Class A thresholds are easily met by mid-size banks and regional insurers.

AI Systems as "Information Systems" and Nonpublic Information in AI Pipelines

23 NYCRR 500.01(f) defines "information systems" as any electronic system used to access, transmit, store, or process information, and "nonpublic information" (NPI) as individually identifiable financial, health, or business information. AI and ML systems processing customer financial data, credit histories, insurance claims, transaction records, or health information for underwriting are information systems containing NPI under this definition. This means: AI training datasets containing customer financial or health records must meet 23 NYCRR 500 data security requirements; inference pipelines that process NPI through AI models must have audit controls; and AI model outputs that include or reference NPI are subject to access control, encryption, and retention requirements. The DFS has indicated in examination guidance that AI and ML systems are squarely within the regulation's scope as information systems.

5-Year Audit Trail Requirement for AI Financial Decisions

23 NYCRR 500.06 requires covered entities to maintain audit trails designed to detect and respond to cybersecurity events with sufficient detail to reconstruct material financial transactions. For AI systems making or contributing to financial decisions, a compliant audit trail must: record every AI inference that accesses or produces NPI; include the model version, input data categories, output, timestamp, and downstream action taken; be retained for a minimum of 5 years; and be tamper-evident or tamper-resistant. DFS examiners specifically review whether AI audit trails are sufficient to reconstruct automated credit decisions, insurance underwriting outputs, and fraud detection actions. AI teams should design audit logging for 5-year retention from day one — retrofitting retention is expensive and creates gaps during exam cycles.

72-Hour Cybersecurity Incident Notification for AI Events

23 NYCRR 500.17 requires covered entities to notify DFS within 72 hours of determining a cybersecurity event is material. AI-specific events that likely require 72-hour notification: unauthorized access to AI model infrastructure or training data; model poisoning attacks that corrupted AI financial decision outputs; adversarial attacks on fraud detection AI causing measurable financial loss; and third-party AI model provider breaches that exposed NPI transmitted via API. The 72-hour clock starts when the event is determined to be material — covered entities should establish a defined materiality determination process for AI events that can operate within 72 hours. DFS also requires a written cybersecurity incident response plan (CIRP) under 500.16 that covers AI systems.

Class A Enhanced Requirements: Independent Audit and Board Reporting

Class A entities must complete an independent cybersecurity audit conducted by a qualified external or internal auditor, report quarterly to the board of directors or equivalent senior officer on cybersecurity matters including AI risks, and have the CISO provide written reports to the board at minimum quarterly on material cybersecurity risks and the status of the cybersecurity program. For AI: the independent audit scope must include AI/ML systems — DFS examiners have reviewed AI model risk management frameworks as part of cybersecurity audits. Board reports should address AI-specific risk metrics: anomaly detection results, model performance monitoring, third-party AI vendor risk, and any AI incidents. The senior officer attestation (500.17(b)) certifies compliance; Class A CISOs must be prepared to defend AI cybersecurity program adequacy.