Veladon for NY DFS AI: Part 500 Evidence for Covered Financial Institutions

NY DFS's 23 NYCRR 500 is the strictest state-level cybersecurity regulation for financial services in the US. In October 2024 NYDFS issued an AI-specific circular letter extending 500 requirements to AI risk: covered entities must address AI threats in risk assessments, cybersecurity programs, and third-party risk management. Any bank, insurer, or financial-services company with a NY charter or significant NY operations falls in scope.

Full name
NY Department of Financial Services AI Cybersecurity Guidance (23 NYCRR 500)
Effective
Part 500 amendments November 2023; AI-specific circular letter October 2024
Jurisdiction
New York State (covered entities: banks, insurers, credit unions operating in NY)
Primary regulator
NY Department of Financial Services (NYDFS)

Executive summary · for CISOs + Compliance Officers

Why this matters for the 500–2,500 employee mid-market.

NYDFS examinations in 2025–2026 are specifically asking for AI-related risk-assessment evidence, AI-related third-party evidence (especially LLM providers), and AI-related training artifacts.

Veladon's quarterly pack maps to 500.2, 500.3, 500.9, 500.11, 500.14, and 500.15 with AI-circular-letter cross-references. For a NY-chartered bank, insurer, or money transmitter facing a NYDFS examination in 2026, the pre-indexed pack substantially reduces CISO preparation time (typical 40–80 hours saved per quarter) and lowers the risk of Matter Requiring Attention (MRA) or Matter Requiring Immediate Attention (MRIA) findings on AI-specific circular-letter asks.

Which NY DFS AI controls matter for employees using public LLMs?

These are the specific articles, controls, or sections that govern the moment an employee pastes data into ChatGPT, Claude, or Gemini. A general-DLP retrofit rarely maps to these by default — Veladon's evidence pack carries the references inline on every log line.

  • 500.2 — cybersecurity program extended to AI risk
  • 500.3 — cybersecurity policy with AI use case coverage
  • 500.4 — CISO qualification and reporting obligations
  • 500.9 — risk assessment with AI-related threats
  • 500.11 — third-party service provider security policy (includes LLM providers)
  • 500.14 — training and monitoring program extended to AI
  • 500.15 — encryption of nonpublic information in AI interactions
  • AI Circular Letter (Oct 2024) — specific guidance on AI risk management, deep fakes, model theft, prompt injection

Control-by-control mapping · 8 controls

What Veladon evidences for each NY DFS AI control.

The concrete control-ID-to-evidence mapping that auditors request during fieldwork. Every NY DFS AI control below is indexed inline on every log line Veladon generates, so the quarterly evidence pack ships pre-sampled for each control.

Control ID: 23 NYCRR 500.2
Requirement: Cybersecurity program — each covered entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity, and availability of the covered entity's information systems.
Veladon evidence: AI-specific monitoring evidence — prompt-level logs demonstrating cybersecurity program coverage for AI use cases, mapped to 500.2 program-scope requirements.

Control ID: 23 NYCRR 500.3
Requirement: Cybersecurity policy — each covered entity shall implement and maintain a written cybersecurity policy approved by the board or a senior officer.
Veladon evidence: AI policy version history — policy configuration changes tracked with editor, timestamp, rationale, and approval evidence. Feeds the cybersecurity policy maintenance requirement.

Control ID: 23 NYCRR 500.4(b)
Requirement: Chief Information Security Officer — the CISO shall provide a written report annually to the board on the cybersecurity program.
Veladon evidence: CISO quarterly reporting inputs — AI-related cybersecurity events, policy effectiveness, third-party AI risk status, training-program completion. Feeds the annual board report.

Control ID: 23 NYCRR 500.9
Requirement: Risk assessment — each covered entity shall conduct a risk assessment no less than annually.
Veladon evidence: AI threat inventory and risk assessment inputs — nonpublic information categories processed in AI prompts, per-use-case risk scoring, third-party AI provider risk evaluation.

Control ID: 23 NYCRR 500.11
Requirement: Third-party service provider security policy — each covered entity shall implement written policies and procedures designed to ensure the security of information systems and nonpublic information accessible to third-party service providers.
Veladon evidence: Third-party provider classification — OpenAI, Anthropic, Google, Microsoft provider registry with data-handling evidence, contract references, and security-control evaluation per the circular letter.

Control ID: 23 NYCRR 500.14
Requirement: Training and monitoring — cybersecurity awareness training, including social engineering, for all personnel.
Veladon evidence: Training-notice acknowledgments per employee, per-employee policy-compliance records, ongoing monitoring via Veladon's per-prompt oversight evidence.

Control ID: 23 NYCRR 500.15
Requirement: Encryption of nonpublic information — each covered entity shall implement controls including encryption of nonpublic information.
Veladon evidence: Redaction evidence showing nonpublic information was protected in transit — per-prompt raw-vs-redacted delta, encryption-in-transit evidence, client-side protection before wire transit.

Control ID: NYDFS AI Circular Letter (October 2024)
Requirement: Address AI-related cybersecurity threats in risk assessments, cybersecurity programs, and third-party risk management.
Veladon evidence: Explicit AI-circular-letter crosswalk — every Veladon event tagged with the applicable circular-letter requirement; quarterly pack includes a circular-letter-specific index.
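As an added illustration (not Veladon's code or log schema, neither of which the page describes), the Python sketch below shows what per-prompt redaction evidence tagged with control IDs can look like: nonpublic information is redacted client-side before the prompt leaves the device, the audit event records only hashes and counts rather than the raw text, and a per-control index is built for examiner sampling. The NPI categories, field names, control-tagging rules and sample prompts are all assumptions constructed for this example.

```python
import hashlib
import re
from datetime import datetime, timezone

# Hypothetical NPI detectors, constructed for this example. A real deployment would
# use the NPI categories identified in the entity's own 500.9 risk assessment.
NPI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "account_number": re.compile(r"\b\d{10,12}\b"),
}

# Assumed control tags: program coverage and third-party tagging apply to every
# prompt; 500.15 is attached only when nonpublic information was actually redacted.
BASE_CONTROLS = ["23 NYCRR 500.2", "23 NYCRR 500.11", "NYDFS AI Circular Letter (Oct 2024)"]
REDACTION_CONTROL = "23 NYCRR 500.15"


def redact(prompt):
    """Redact NPI client-side; returns (text, per-category counts, NPI chars removed)."""
    counts, chars = {}, 0
    for category, pattern in NPI_PATTERNS.items():
        def _placeholder(match, category=category):
            nonlocal chars
            chars += len(match.group(0))
            return f"[REDACTED:{category}]"
        prompt, hits = pattern.subn(_placeholder, prompt)
        if hits:
            counts[category] = hits
    return prompt, counts, chars


def build_evidence_event(user, provider, raw_prompt, ts):
    """One audit record per prompt: hashes and counts only, never the raw NPI text,
    so the raw-vs-redacted delta is provable without the log itself becoming NPI."""
    redacted, counts, chars = redact(raw_prompt)
    controls = BASE_CONTROLS + ([REDACTION_CONTROL] if counts else [])
    return {
        "ts": ts.isoformat(),
        "user": user,
        "provider": provider,
        "raw_sha256": hashlib.sha256(raw_prompt.encode()).hexdigest(),
        "redacted_sha256": hashlib.sha256(redacted.encode()).hexdigest(),
        "npi_counts": counts,
        "npi_chars_redacted": chars,
        "controls": controls,
    }


def index_by_control(events):
    """Per-control index for examiner sampling: control ID -> list of event hashes."""
    index = {}
    for event in events:
        for control in event["controls"]:
            index.setdefault(control, []).append(event["raw_sha256"])
    return index


# Constructed sample prompts; the identifiers are not real customer data.
SAMPLE_PROMPTS = [
    ("analyst1", "openai", "Draft a letter to John Doe, SSN 123-45-6789, card 4111 1111 1111 1111."),
    ("analyst2", "anthropic", "Summarize the attached quarterly risk assessment outline."),
]


def sample_pack():
    ts = datetime(2026, 1, 15, tzinfo=timezone.utc)
    events = [build_evidence_event(u, p, t, ts) for u, p, t in SAMPLE_PROMPTS]
    return events, index_by_control(events)
```

Running sample_pack() yields two events, only the first of which carries the 500.15 tag, and neither event contains the original SSN or card number.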

What lands in your quarterly evidence pack for NY DFS AI.

Veladon's quarterly evidence pack is structured around the exact artifacts a Big 4 auditor or regulator asks for. The list below is what lands in your /quarterly-exports/ folder 30 days after deployment.

  1. 500.2 — AI system activity logs demonstrating cybersecurity program coverage for AI use cases
  2. 500.9 — AI threat inventory and risk assessment inputs (nonpublic information categories in AI prompts)
  3. 500.11 — third-party provider classification and data-handling evidence for LLM providers
  4. 500.14 — training-notice acknowledgments and per-employee policy compliance records
  5. 500.15 — redaction evidence showing nonpublic information was protected in transit
  6. 500.4(b) — CISO reporting evidence: quarterly reporting inputs on AI-related cybersecurity events for CISO board presentations

Implementation playbook · 5 phases · 500 employees in 5–10 business days

How to deploy Veladon for NY DFS AI in a compressed timeline.

  1. Phase 01

    Circular-letter alignment

    Week 1–2

    Activities

    • CISO + board review of October 2024 AI circular letter impact
    • Scope AI-related requirements into existing 500 cybersecurity program
    • Deploy Veladon to pilot for discovery + baseline

    Artifacts produced

    • Board memo on AI circular letter
    • 500-program scope update
    • Pilot inventory + baseline metrics
  2. Phase 02

    Policy + vendor risk

    Week 3–4

    Activities

    • Update 500.3 cybersecurity policy with AI coverage
    • Update 500.11 third-party provider policy for LLM providers
    • Configure Veladon for nonpublic-information redaction (500.15)
    • Enable training-notice acknowledgment capture (500.14)

    Artifacts produced

    • Updated 500.3 cybersecurity policy
    • Updated 500.11 third-party policy
    • Veladon nonpublic-information configuration
    • Training-notice workflow
  3. Phase 03

    Production rollout

    Week 5–6

    Activities

    • Full MDM rollout across all covered-entity personnel
    • Activate 500.2 AI-specific monitoring
    • Deliver workforce training under 500.14
    • Transparency notice for employee monitoring

    Artifacts produced

    • 100% deployment evidence
    • Training completion log
    • Notice acknowledgment log
  4. Phase 04

    Examination readiness

    Month 2–3

    Activities

    • Prepare CISO quarterly report inputs (500.4(b))
    • Conduct annual risk assessment update (500.9) with AI inclusion
    • Tabletop exercise on AI-related incident scenarios
    • Prepare examination response runbook

    Artifacts produced

    • CISO report draft
    • Annual risk assessment with AI section
    • Tabletop exercise log
    • Examination runbook
  5. Phase 05

    Continuous examination posture

    Quarterly

    Activities

    • Quarterly NYDFS 500 + AI circular-letter evidence pack
    • Annual CISO board report (500.4(b))
    • Annual risk assessment (500.9)
    • Continuous monitoring per 500.2

    Artifacts produced

    • Quarterly packs
    • Annual CISO reports
    • Annual risk assessments

Concrete use cases · how NY DFS AI obligations show up in practice

The specific scenarios Veladon covers for NY DFS AI.

NYDFS examination — AI-specific evidence request

NYDFS opens a routine examination of a NY-chartered community bank. The examination includes AI-related questions per the October 2024 circular letter. Examiner requests risk assessment (500.9) with AI coverage, third-party provider policy (500.11) for LLM providers, training program (500.14) with AI modules, and evidence of cybersecurity program scope for AI (500.2). Veladon's quarterly pack supplies all four with circular-letter-specific indexing. Examination closes with no AI-related findings — typical outcome for tool-supported evidence posture.

Annual CISO board report under 500.4(b)

The CISO of a NY insurance company prepares the annual 500.4(b) board report. Veladon's quarterly packs across the prior four quarters supply the AI-cybersecurity section: policy effectiveness, incident summary, third-party AI risk status, training completion, AI-system inventory trends. The board-level narrative is written in 2 hours from the pack excerpts vs 15–25 hours without tool support.

Third-party risk under 500.11 for LLM providers

A money transmitter adds ChatGPT Team, Claude Team, and Gemini Business as employee-approved AI providers. 500.11 requires written policies on third-party service provider security. Veladon's third-party provider registry captures OpenAI DPA + SOC 2, Anthropic DPA + SOC 2, Google DPA + SOC 2 + ISO 27001, with contract-reference evidence and data-handling policy. Policy documentation satisfies 500.11 without a net-new vendor-risk process.

Annual risk assessment expansion under 500.9

A NY-chartered bank's annual 500.9 risk assessment adds AI-related threats (data exfiltration, prompt injection, third-party AI provider risk, deep fake social engineering). Veladon's AI threat inventory supplies the identified-threats section; per-use-case impact evaluation supplies the risk-severity scoring; nonpublic-information redaction rates supply the mitigation-effectiveness inputs. Risk-assessment completion time drops from 60–100 hours (manual research) to 15–30 hours (tool-supported).

Matter Requiring Attention remediation

A mid-tier bank received a NYDFS examination finding with an MRA on 500.2 (AI program scope) and 500.11 (third-party AI governance). Remediation requires evidence within 90 days. Veladon deploys in week 1, generates interim evidence at 30 days, full quarterly pack at day 90. The remediation submission packages the pack as evidence of corrected posture. MRA closes with no escalation to MRIA or consent order.

NYC-specific AI bias-audit overlap (Local Law 144)

A NY-based insurance company using AI in underwriting decisions falls under both the 23 NYCRR 500 AI circular letter (cybersecurity) and NYC Local Law 144 (AI bias audits for employment decisions, extended by some interpretations). Veladon's use-case impact assessment supports both: cybersecurity scope via 500.2/500.9, bias-relevant inputs via per-use-case documentation. One tool supports two regulatory surfaces; the CISO and Compliance Officer collaborate on both tracks using common data.

Deadline calendar

NY DFS AI deadlines + audit milestones.

Framework deadline

Continuous (examination cycles)

  1. Annual

    Annual CISO board report

    500.4(b) written annual report on cybersecurity program, including AI-related risks.

  2. Annual

    Annual risk assessment

    500.9 risk assessment with AI inclusion per October 2024 circular letter.

  3. Rolling (typically 12–24 month cycles)

    NYDFS examinations

    On-site or remote examinations. AI-specific evidence requested per October 2024 circular letter.

  4. 90–180 days from finding

    MRA/MRIA remediation

    Remediation of examination findings with evidence submission.

Why a general DLP retrofit is insufficient for NY DFS AI evidence.

General DLP deployed in a financial-services org handles classic 500 controls but does not map to the October 2024 AI circular letter. NYDFS examinations in 2025–2026 are specifically asking for AI-related risk-assessment evidence, AI-related third-party risk evidence (especially LLM providers), and AI-related training artifacts. Covered entities relying on classic DLP plus manual memos typically receive examination findings; those with AI-specific logging close cleanly.

Questions CISOs ask about NY DFS AI

Common questions about NY DFS AI and employee AI use.

Which financial institutions are covered by 23 NYCRR 500 and the AI circular letter?

Covered entities include any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation, or similar authorization under NY banking, insurance, or financial services law. This captures most NY-chartered banks, credit unions, insurers, mortgage bankers and brokers, and money transmitters. The AI circular letter extends 500 requirements explicitly to AI risk for all covered entities, regardless of the entity's size.

What does the NYDFS AI circular letter actually require?

The October 2024 circular letter requires covered entities to: (1) assess AI-related cybersecurity threats in their annual risk assessment, including prompt injection, model theft, deep fakes, and data exposure to third-party AI; (2) update cybersecurity policies to address AI use cases; (3) include AI risk in third-party service provider governance under 500.11; (4) extend training and monitoring under 500.14 to AI; (5) ensure encryption under 500.15 protects nonpublic information in AI interactions. None of these requires a specific tool, but all require evidence of operation.

How does NYDFS 500 interact with the EU AI Act for a NY bank with EU branches?

The two frameworks overlap at the evidence layer for AI-related controls. A NY bank with EU branches falls under both: NYDFS 500 for the NY operations, EU AI Act for the EU branches. Veladon's quarterly pack supports both mappings — 500-indexed evidence for the NY examination and Article 26-indexed evidence for the EU audit. One logging infrastructure, two index views.

What happens in a NYDFS examination if AI-related evidence is absent?

Typical outcome: a Matter Requiring Attention (MRA) or Matter Requiring Immediate Attention (MRIA) citing 500.2 (cybersecurity program scope), 500.9 (risk assessment), or 500.11 (third-party governance). Resolution requires a Corrective Action Plan with evidence of remediation, typically on a 90–180 day timeline. Larger covered entities have received multi-million-dollar consent orders for 500 deficiencies; AI-specific findings in 2025–2026 examinations are escalating in frequency.

Does NYDFS require a specific AI tool or is Veladon sufficient evidence?

NYDFS does not endorse specific tools. The examination asks: can you evidence that you are managing AI-related cybersecurity risk consistent with the circular letter? Tools that produce the required evidence at the required granularity close examinations. Veladon's prompt-level logs, AI inventory, third-party provider classification, training-notice acknowledgments, and encryption evidence for nonpublic information in AI prompts satisfy the common examination asks. Your CISO attestation under 500.4(b) references the evidence set.

Tailored FAQ · NY DFS AI-specific

Additional NY DFS AI questions Veladon buyers ask.

Is Veladon's evidence sufficient by itself for a NYDFS examination?

Veladon supplies the tool-generated evidence (AI inventory, usage logs, third-party provider registry, training acknowledgments, encryption/redaction evidence). The organizational evidence (cybersecurity policy, incident-response plan, CISO qualification evidence, board-approval records) is customer-authored and maintained. Together, these satisfy the common examination asks. Typical outcome with the combined evidence set is examination closure with no AI-related findings.

Does the NYDFS AI circular letter apply to pre-existing AI use or only new deployments?

It applies to both. Covered entities must assess AI risk in the annual 500.9 risk assessment regardless of when the AI was first used. Existing unmanaged employee shadow-AI use at NY-chartered covered entities is precisely the risk NYDFS intends to capture. Veladon deploys in 5–10 days and produces the first quarterly pack at day 30, giving a covered entity under examination pressure a 60–90 day path to a complete evidence posture.

Pricing context · 500–2,500 employee deployments

What Veladon typically costs for NY DFS AI coverage.

For NYDFS 500 + AI circular letter coverage at 500–2,500 employees in NY-chartered banking, insurance, or financial services, Veladon lands at $22–32k ACV (mid-market tier) or $45–90k (enterprise tier) with NYDFS-indexed quarterly packs. The ROI math is weighted: a single NYDFS consent order at mid-market tier typically carries $500k–$5M penalties plus multi-year remediation costs; Veladon cost over 3 years is roughly 2–6% of a single consent-order cost. Avoiding even one MRA escalation to MRIA typically justifies the tool. For NY-chartered covered entities with existing examination cycles, deployment should precede the next examination opening date by at least 90 days.

Need NY DFS AI evidence on a compressed timeline?

Veladon deploys via MDM in 30 minutes and generates the first evidence pack at day 30. Get the Veladon early-access brief — detailed architecture, detection taxonomy, and NY DFS AI crosswalk.

Get the NYDFS 500 AI evidence map