Financial Services · NYDFS Part 500 · May 6, 2026 · 6 min read

NYDFS Says Your Employees' ChatGPT Sessions Are a Part 500 Compliance Problem

New York's Part 500 cybersecurity regulation already governs employee AI tool use — the October 2024 NYDFS guidance letter made that explicit. Here's what banks and insurers need to get right before the next annual certification.

In October 2024, the New York Department of Financial Services settled a question that had been quietly building in compliance and legal teams across the state: does 23 NYCRR Part 500 apply to artificial intelligence?

The answer was yes — and it always had been.

NYDFS Superintendent Adrienne Harris's October 16, 2024 guidance letter didn't create new requirements. It clarified that the existing Part 500 framework — risk assessments, access controls, audit trails, third-party vendor management, incident response — already covers AI-related cybersecurity risks, including risks created by a covered entity's own AI deployments. The letter stated directly: covered entities "must assess and take appropriate steps to address their cybersecurity risks, including evolving risks arising from AI."

For banks, insurers, lenders, and other NY-regulated financial institutions, that clarification has a specific implication that most compliance programs haven't fully absorbed: when your employees use ChatGPT, Claude, Microsoft Copilot, or any other external AI tool in the course of their work, those interactions are inside your Part 500 compliance boundary — not outside it.

What Part 500 Actually Requires

The NYDFS Cybersecurity Regulation at 23 NYCRR Part 500 applies to every entity operating under a license, registration, charter, certificate, or authorization under New York's Banking Law, Insurance Law, or Financial Services Law. That scope is broad: commercial banks, community banks, mortgage companies, insurance carriers, insurance brokers, money transmitters, health maintenance organizations, and more.

The regulation's core requirements aren't novel for most covered entities — risk assessments, access controls, audit logging, encryption of nonpublic information in transit, incident response planning, annual CISO reporting to the board, and an annual certification of material compliance signed by the entity's highest-ranking executive and CISO. These have been in place, in various forms, since Part 500's original adoption in 2017 and the November 2023 Second Amendment.

The November 2023 amendments introduced three updates especially relevant to AI:

On top of these requirements sits the October 2024 AI guidance letter, which works through Part 500's framework section by section and explains how each requirement applies in an AI context.

The Part 500 Gap Your Employees Are Creating Right Now

The October 2024 industry letter identifies four AI risk categories covered entities must assess: AI-enabled social engineering (deepfakes targeting employees and executives), AI-enhanced cyberattacks (threat actors using AI to find and exploit vulnerabilities faster), exposure of vast amounts of nonpublic information, and third-party/vendor supply chain vulnerabilities.

The third category is the one that most compliance teams at NY-regulated institutions haven't operationalized yet.

Consider the scenario: a relationship manager at a regional bank opens ChatGPT to draft talking points for a client call. She pastes in context — the client's loan structure, recent account activity, some notes from a prior meeting. The prompt goes to OpenAI's servers. The response comes back. She closes the tab.

Under Part 500, that interaction implicates at least four compliance obligations:

Risk assessment (Section 500.9). Part 500 requires risk assessments to be updated "whenever a change in the business or technology causes a material change" to the cybersecurity risk profile. NYDFS has explicitly stated it considers AI deployments — including employee use of external AI tools — to be a material change triggering risk assessment updates. If your risk assessment was completed before your employees started using AI tools, it doesn't satisfy current requirements.

NPI access controls (Section 500.7). The regulation requires covered entities to limit access to nonpublic information (NPI) to authorized users with a legitimate business need. When an employee pastes client data into an external AI platform, the NPI is now accessible to a third-party AI provider. Whether that transmission is consistent with your access control policies is a question your cybersecurity program should have an answer to — but most don't.

Audit trail (Section 500.6). Part 500 requires covered entities to maintain audit trails designed to detect and respond to cybersecurity events, with records retained for five years and producible to NYDFS on request. Standard API logs and browser history don't satisfy this. The audit trail that Part 500 contemplates includes what NPI was accessed, by whom, and through what channel — including external AI services.

Third-party vendor management (Section 500.11). AI vendors whose infrastructure processes NPI — model hosting providers, API gateway operators — are third-party service providers under Part 500. The October 2024 guidance added specificity: due diligence should evaluate how AI-related threats facing the vendor could affect the covered entity, and vendor agreements should require notification of any AI-related cybersecurity event. Most vendor agreements with AI providers don't include these provisions.

The Annual Certification Puts This on the CISO's Desk

Part 500 requires an annual certification of material compliance, signed by the covered entity's highest-ranking executive and CISO, filed with NYDFS by April 15 each year.

For calendar year 2025, that certification was due April 15, 2026. It covered the period when employee AI tool use became widespread across financial institutions — ChatGPT's growth into enterprise workflows, Microsoft Copilot's GA release, the integration of AI assistants into standard productivity software.

The certification requires attesting that the covered entity complied with all applicable Part 500 requirements during the previous calendar year. If the AI risk assessment wasn't updated, if the access control policies don't address employee AI tool use, if the audit trail doesn't capture AI interactions involving NPI — that's not a gap to fix for next year. It's a certification that is, at minimum, incomplete for the year that just passed.

NYDFS's enforcement record gives this weight. In January 2025, NYDFS imposed a $2 million penalty against PayPal for Part 500 violations including failures to report a cybersecurity event and gaps in required controls. In August 2025, a $2 million settlement with Healthplex illustrated that the pattern of enforcement wasn't limited to major institutions. The common thread in both cases: control gaps that could have been addressed before the event.

What Runtime AI Governance Provides

The Part 500 compliance gaps that AI creates aren't hypothetical future risks. They're present in most NY-regulated institutions today, accumulating with every employee session that uses an external AI tool without policy enforcement.

The governance layer that closes these gaps operates at the point of interaction: between the employee and the AI tool, before NPI leaves the organization.

That layer should do three things:

Policy enforcement at the prompt. A deterministic policy engine that evaluates each submission against your organization's NPI classifications — account numbers, customer data, transaction details, internal reports — and applies your rules about what can and can't be submitted to external AI services. Not a probabilistic filter, but a control that maps to your existing data handling policies.

A tamper-evident audit trail. When your CISO signs the Part 500 annual certification, or when a NYDFS examiner asks about your AI governance controls, the answer should be a log with user, timestamp, AI tool, policy outcome, and matched content category — not a training attestation and a policy document that no one has verified was followed.

Coverage across the full AI surface. ChatGPT, Microsoft Copilot, Claude, Gemini, Perplexity — and the AI capabilities embedded in the productivity tools your employees already use. Policy enforcement that only covers API traffic misses the browser-based sessions where most AI tool use actually happens.
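As an added illustration (not Containment.AI's code or any product's implementation), here is a minimal version of the first two controls described above: a deterministic check of each prompt against NPI categories, and a hash-chained audit record carrying user, timestamp, tool, policy outcome and matched category, so that any edited or deleted record breaks verification. The category patterns, the block rule, and the user and tool names are constructed assumptions.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed NPI categories; a real deployment loads the institution's own classification rules.
NPI_PATTERNS = {
    "account_number": re.compile(r"\b(?:acct|account)\s*#?\s*\d{8,12}\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "internal_report": re.compile(r"\bINTERNAL\s*-\s*DO NOT DISTRIBUTE\b", re.I),
}
BLOCK_ON = {"account_number", "ssn", "internal_report"}  # rule: any match blocks the submission
GENESIS = "0" * 64
def evaluate(prompt):
    """Deterministic decision: ('block' or 'allow', sorted list of matched NPI categories)."""
    matched = sorted(name for name, rx in NPI_PATTERNS.items() if rx.search(prompt))
    return ("block" if BLOCK_ON.intersection(matched) else "allow"), matched

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Hash-chained audit trail: each record commits to the previous record's digest."""
    def __init__(self):
        self.records = []
        self._prev = GENESIS

    def record(self, user, tool, prompt, when=None):
        outcome, matched = evaluate(prompt)
        entry = {
            "user": user,
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
            "tool": tool,
            "outcome": outcome,
            "categories": matched,
            "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),  # no raw NPI in the log
            "prev": self._prev,
        }
        entry["digest"] = _digest(entry)  # computed over every field above, including prev
        self.records.append(entry)
        self._prev = entry["digest"]
        return outcome

    def verify(self):
        """Recompute the chain; an edited, inserted or deleted record breaks it."""
        prev = GENESIS
        for e in self.records:
            body = {k: v for k, v in e.items() if k != "digest"}
            if body["prev"] != prev or _digest(body) != e["digest"]:
                return False
            prev = e["digest"]
        return True
```

In a real deployment the chain head would be anchored outside the log (for example, signed and forwarded to a SIEM) so that a rewrite of the whole file is also detectable.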

Part 500 Compliance Isn't Waiting for New Regulations

The most important operational takeaway from the October 2024 NYDFS guidance letter is also the most direct: no new regulation was needed. The existing Part 500 framework already covered AI risks. What changed was that NYDFS made clear it intends to examine compliance against that framework — including how covered entities have assessed, controlled, and documented employee AI tool use.

For NY-regulated financial institutions, the compliance question isn't "will AI governance become a regulatory requirement?" It already is. The question is whether your risk assessment, access controls, audit trail, and vendor management program address it in a way that satisfies an examiner — and whether your CISO can sign the next annual certification with confidence.


Containment.AI enforces AI governance policies in real time — at the proxy layer, in the browser, and in the admin dashboard — giving compliance teams at regulated financial institutions the runtime policy enforcement and audit trail that Part 500 requires for employee AI tool use. Learn more or request a demo.
