Photo of Ted Augustinos

Ted Augustinos

Subscribe to Ted Augustinos's Posts

Ted advises clients on cutting-edge privacy and data protection matters. Clients trust him to help them navigate emerging state privacy laws including the California Consumer Privacy Act, and cybersecurity requirements such as the NY DFS Cybersecurity Regulation.

Follow:Read more about Ted AugustinosTed's Linkedin Profile

In this episode of The Consumer Finance Podcast, Chris Willis is joined by Ted Augustinos and Kim Phan to introduce The Money Matrix, an upcoming webinar series helping financial institutions navigate privacy, data security, and AI in today’s complex digital landscape. The teaser highlights strategies to secure financial data, overcome barriers to adopting AI, and stay ahead of regulatory trends. Each session offers practical guidance to help teams like Neo, Trinity, and Morpheus remain innovative, compliant, and trusted. The series explores how financial institutions can balance innovation with data privacy while leveraging AI responsibly.

Key point: All businesses struggle with cybersecurity risks presented by their service providers. New guidance from the NY DFS applies to all DFS regulated entities, but the guidance would assist any business in any industry in addressing these risks.

On October 21, 2025, the New York Department of Financial Services (the “DFS”) issued important guidance for covered entities (including all DFS licensees) for managing their cybersecurity risk related to third-party service providers (“TPSPs”). Industry Letter – October 21, 2025: Guidance on Managing Risks Related to Third-Party Service Providers | Department of Financial Services specifically includes the covered entity’s use of cloud, file transfer, AI and fintech providers (“Guidance”). According to the DFS, the “Guidance does not impose new requirements or obligations . . ..” Rather, “it is intended to clarify regulatory requirements, recommend industry best practices . . ., and promote compliance . . ..” The Guidance highlights that managing the cybersecurity risk presented by TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program,” and notes that it applies to all covered entities, regardless of size.