
Complying with New York’s 23 NYCRR Part 500 Cybersecurity Regulation

Summary

The Docusign IAM platform offers financial services organizations tools like multi-factor authentication and identity verification to help comply with New York State's updated 23 NYCRR Part 500 cybersecurity regulation requiring enhanced security measures.


      Financial services organizations operating in New York State are subject to some of the most rigorous compliance requirements in the U.S. In no arena is this truer than cybersecurity, where the New York State Department of Financial Services (NYSDFS) has in recent years taken a more aggressive regulatory stance to help protect consumers and financial institutions from increasingly sophisticated and costly cyberattacks and data breaches.

      Significantly, NYSDFS amended 23 NYCRR Part 500, its cybersecurity regulation, on Nov 1, 2023. This latest amendment includes more robust requirements for implementing multi-factor authentication (MFA) under section 500.12.

      Beginning November 1, 2025, a broad group of financial services organizations designated as “Covered Entities” must enable multi-factor authentication (MFA) for “any individual accessing the Covered Entity’s internal networks from an external network,” unless a limited exemption applies. MFA comes in many different flavors, and under Part 500, Covered Entities must implement at least two of the following types of authentication:

      • Type 1 – Knowledge factors, such as a password and/or passcode

      • Type 2 – Possession factors, such as a token or text message on a mobile phone

      • Type 3 – Inherence factors, such as a biometric characteristic

      Docusign balances regulatory compliance and customer experience

      Thanks to Intelligent Agreement Management (IAM) solutions offered by Docusign, financial institutions don’t have to choose between providing an outstanding customer experience and meeting the latest MFA requirements included in Part 500. 

      Docusign eSignature has long been a leading solution that helps financial firms deliver a secure, seamless, and trusted signing experience to their customers. Now, the Docusign IAM platform offers a wide range of capabilities that support the robust new MFA requirements that financial institutions must comply with. Docusign offers several solutions that financial institutions can incorporate into their workflows, including the following identity verification and authentication features:

      • Photo ID Verification: Verify government-issued identity documents automatically with these integrated identity verification capabilities: 

      • Risk-Based Verification: Balance security and customer experience by automatically adjusting the level of identity verification recipients must complete based on a recipient’s risk score, while providing detailed, actionable fraud insights.* 

      • Biometric verification: Allow signers to verify their identities by completing AI-powered biometric checks in less than a minute,** on average, as part of the process of completing agreements secured with Docusign ID Verification. Signers can also verify their identity using their existing or new CLEAR profile. 

      • Knowledge-Based Authentication (KBA): Enable recipients to identify themselves by successfully answering a series of personal questions accessed from public databases (e.g., “What is the name of the street you purchased your first house on?”).

      • Identity Wallet: Store and reuse identity verification details securely for faster, compliant agreements, enhancing user experience and maintaining security for repeat signers.

      • Access Code: Customize a unique code that your recipients must input into the Docusign workflow to access your agreement. The code must be communicated separately to the recipient (via email, phone, etc.). 

      • Phone Authentication: Allow signers to verify their identity by entering a one-time passcode delivered to their mobile device, a process that takes just seconds,** compared to other authentication methods that could take longer or be less secure. 

      • Notary On-Demand: Deliver on-demand, 24/7 notarization experiences with a pool of notaries publicly available across all 50 U.S. states.

      If you’re new to Docusign, schedule a demo today to see how our innovative solutions for multi-factor authentication can work for you. And if you’re a current Docusign customer, reach out to your account representative to learn how to activate these IDV solutions on your existing subscription.

      * Coming later in 2025; currently available in Beta.

      ** Based on Docusign product usage data. Individual results may vary.
