Sign the NYDFS certification with the CEO. Without lying.
The 2023 amendments introduced personal liability through CISO + CEO dual-signature certification. $144M+ in DFS fines since 2021 across 27 consent orders. What the platform provides: the material-compliance documentation depth examiners now expect, 8 specific document types maintained continuously, a dual-signature workflow with the audit trail both signers see, and officer-defense documentation captured throughout the year.
- All 23 NYCRR Part 500 sections (post-2023 amendments)
- CISO + CEO dual-signature certification with audit-trail-grade evidence
- 8 examiner document types maintained continuously
- Material-compliance assessment per section · officer-defense documentation
What is NYDFS Part 500 compliance software?
§500.17 is the regulator’s nightmare: CISO and CEO sign jointly. RiskWatch makes the materiality assessment defensible per section, captures the dual-signature audit trail both signers see, and produces all 8 of the document types DFS examiners always request. Most teams have 3 of 8 ready when the examiner shows up. Aligned to 23 NYCRR Part 500, all 23 sections, with officer-defense documentation captured continuously.
$144M in DFS fines since 2021. 27 consent orders. Personal liability now built in.
The 2023 amendments transformed Part 500 from corporate compliance to personal accountability. CISO + CEO sign the certification jointly; DFS often adds certification-violation charges on top of any other Part 500 violation. Examiners now request 8 specific document types; most teams have 3.
CISO + CEO dual-signature on the certification. Personal liability.
The 2023 Second Amendment requires both CEO and CISO to sign the annual certification, and certification must be based on data and documentation sufficient to demonstrate “material” compliance. Dual-signature workflow with evidence-backed certification: neither signer attests to anything not backed by the audit trail.
Examiners ask for 8 specific documents. Most teams have 3.
DFS examiners routinely request: cybersecurity policy, system architecture and data flow diagrams, IR + BCDR plans, risk assessment reports, CISO board reports + governance minutes, training logs + access recertifications, annual cert justifications, third-party assessments. All 8 maintained continuously, examiner-aligned format, audit-trail-grade.
Material compliance qualifier ≠ partial compliance. DFS adds cert violations on top.
The June 2023 amendment added “material” to the certification standard. But DFS often adds certification-violation charges whenever it finds any other Part 500 violation, exposing executives to personal jeopardy. Materiality assessment per section, with the audit trail showing what was material vs immaterial, defensible if DFS challenges the cert.
Both signers attest. Both face personal liability.
The 2023 amendments require CEO and CISO to sign the annual certification jointly. Each signature carries personal liability for material compliance. Both signers see the same audit trail, materiality assessments per section, supporting evidence for every assertion, and the officer-defense documentation that proves the certification was based on data, not just attestation.
When DFS challenges a certification (which happens: DFS adds certification-violation charges on top of any other Part 500 violation), the audit trail is what defends both officers. The platform captures it continuously throughout the year, so the April 15 cert is confirmation, not retrospective justification.
What DFS always asks for. Most teams have 3 of 8.
The DFS examiner document request is consistent across examinations: cybersecurity policy + program, system architecture diagrams, IR + BCDR plans, risk assessments, CISO board reports, training logs + access recertifications, cert justifications, and third-party assessments. Most NY-licensed FIs have policy + IR + risk assessments, and scramble for the rest the week before the exam.
The platform maintains all 8 continuously in DFS-aligned format. When examiners arrive, you hand them a current pack, not a 90-day-old one with stale dates that triggers follow-up requests.
The dual-signature workflow gave both of us the same audit trail. CEO signed because the evidence was there. CISO signed because there was no surprise gap.
NYDFS Cert + Examiner Pack
Twenty-six page pack covering all 23 sections + dual-signature workflow + materiality assessment template + all 8 DFS examiner document types in DFS-aligned format.
- Per-section materiality template
- Dual-signature workflow
- 8 examiner-doc templates
- Officer-defense doc guide
Looking for the NYDFS ↔ NIST CSF ↔ FFIEC ↔ GLBA crosswalk? Find it on the compliance frameworks hub.
Common questions, answered up front.
About NYDFS 23 NYCRR Part 500, the 2023 amendments, dual-signature certification, examiner documentation, and how RiskWatch covers all of them.
What is NYDFS Part 500 compliance software?
What changed in the 2023 amendments?
What 8 document types do DFS examiners request?
How does the dual-signature certification work?
Is there a free trial?
Build your certification pack this week.
Start a 30-day free trial, all 23 Part 500 sections, dual-signature certification workflow, examiner document templates, MFA tracker, third-party oversight, and cross-mapping. No credit card required.
No credit card required · 30-day free trial · Cancel anytime