New York Wrote the AI Rulebook for $10 Trillion in Banks. Trump’s December EO Says Albany Can’t.
On October 16, 2024, the New York State Department of Financial Services — the regulator that sits over roughly 3,000 banks, insurers, and money-services firms holding more than $10,000,000,000,000 in assets — issued the most detailed AI-cybersecurity guidance any U.S. financial regulator had ever published. Superintendent Adrienne A. Harris (appointed by Governor Kathy Hochul (D-NY)) framed it as a Part 500 overlay: not a new rule, but a clarification of how the existing NYDFS Cybersecurity Regulation already requires covered entities to manage AI-driven threats — deepfake social engineering, AI-augmented phishing, AI-enabled vulnerability discovery, and AI-supply-chain risk from vendors who quietly embedded models into their products.
For nearly fourteen months the letter shaped how every NYDFS-regulated compliance shop wrote its AI-risk policies. Then, on December 11, 2025, President Donald Trump (R) signed an executive order titled Eliminating State Law Obstruction of National Artificial Intelligence Policy — directing the Attorney General to stand up an AI Litigation Task Force within thirty days, with the sole mandate of challenging state AI laws the administration deems inconsistent with the federal framework. The New York guidance was not named in the EO. Nor did it need to be. Every law firm that read the order — Skadden, Sidley, Covington, Debevoise — flagged the same collision course.
The watershed real-world incident that NYDFS pointed to was the Arup engineering firm scam in early 2024: a Hong Kong-based employee was duped into wiring $25,000,000 across 15 separate transactions to 5 bank accounts after a video call in which every other participant — including the company’s CFO — was a deepfake. That is the threat NYDFS wrote the letter to address. The question now is whether the state still gets to.
- $10,000,000,000,000 · assets regulated · held by the ~3,000 banks, insurers, and money-services firms inside the NYDFS Part 500 perimeter (NYDFS, Oct 16 2024 press release)
- $25,000,000 · Arup scam loss · wired by a Hong Kong-based finance worker after a deepfake video call · 15 transfers across 5 bank accounts · February 2024 · the case that anchors the NYDFS letter
- 3,000% · deepfake attempts · increase year-over-year per the NYDFS-cited Onfido 2024 Identity Fraud Report (Onfido methodology: 31x rise across its identity-verification platform)
- Oct 16, 2024 · guidance issued · Superintendent Adrienne A. Harris (Hochul appointee) signs the industry letter framing the four AI threat categories
- Nov 1, 2025 · MFA upgrade · Part 500.12 amendments take effect · MFA mandatory for all covered entities (no carve-outs without a compensating-control filing)
- Dec 11, 2025 · Trump EO · ‘Eliminating State Law Obstruction of National Artificial Intelligence Policy’ · DOJ AI Litigation Task Force chartered within 30 days · preemption framework against state AI rules
The October 16, 2024 industry letter is not a new regulation. It is what NYDFS calls a “Section 500 overlay” — an authoritative reading of how the existing 23 NYCRR Part 500 Cybersecurity Regulation, on the books since 2017 and substantially amended in November 2023, already requires covered entities to manage AI-related cyber risks. The letter is organized around four threat categories: (1) AI-enabled social engineering — deepfake voice, video, and email impersonation; (2) AI-enhanced cybersecurity attacks — faster reconnaissance, faster exploit development, larger attack surface; (3) exposure of nonpublic information used to power AI — the data covered entities feed into their own AI tools and the data their vendors feed into theirs; and (4) supply-chain vulnerabilities from AI products and services — the third-party-service-provider risk surface that ballooned the moment every enterprise SaaS vendor started shipping an embedded model.
“AI has improved the ability for businesses to enhance threat detection and incident response strategies, while concurrently creating new opportunities for cybercriminals to commit crimes at greater scale and speed.”
Adrienne A. Harris · Superintendent, NYDFS · October 16, 2024
What the letter requires, in practice, is that every covered entity treat AI as a first-class input into its existing Part 500 risk-assessment, governance, identity-and-access-management, personnel-training, third-party-service-provider, and incident-response programs. The Covington and White & Case client alerts that followed the release both made the same point: nothing in the letter creates a new filing. Everything in the letter changes how the existing filings will be read. NYDFS examiners now expect a covered entity’s risk assessment to name AI threats specifically, its training materials to teach staff to detect deepfake calls, and its TPSP diligence to ask vendors whether they embed models in the products the bank uses.
1. AI-enabled social engineering. Deepfake voice, video, and text impersonation of executives, regulators, and counterparties. NYDFS calls this “one of the most significant threats to the financial services sector.”
2. AI-enhanced cybersecurity attacks. Faster reconnaissance, faster exploit generation, automated credential-stuffing at scale, AI-tuned phishing-payload variation. The attacker’s tool budget collapsed.
3. Exposure of nonpublic information powering AI. The customer data, transaction data, and underwriting data that covered entities feed into their own AI tools — and that their vendors feed into theirs — is now a regulated data flow that must be governed under Part 500.
4. Supply-chain vulnerabilities from AI products and services. Every SaaS vendor that quietly embedded a model into its product is now a TPSP risk surface. The October 2025 follow-on letter on third-party service providers made the non-delegability point explicitly.
Adrienne A. Harris was appointed NYDFS Superintendent by Governor Kathy Hochul (D-NY) in 2021 and confirmed by the state senate in early 2022. Her prior career sat at the intersection of fintech, Obama-era economic policy (she served at the National Economic Council), and venture-backed financial-services investment. American Banker framed the October 2024 letter as a Harris-signature move: a regulator who reads the technology stack closely enough to draft a rule the technology stack can comply with. The letter, in that read, is what a fintech-fluent regulator does instead of a slow-moving rulemaking.
The institutional weight Harris brought to the document mattered. NYDFS regulates roughly 3,000 entities holding more than $10,000,000,000,000 in assets — not a small-state agency. When NYDFS issues an industry letter, every bank counsel in Manhattan reads it that week. The October 16 guidance was on every Part 500 compliance checklist by the end of October. By November 1, 2025, when the most recent Part 500 amendments took effect, the AI overlay was simply assumed as part of the operating environment.
“AI-enabled social engineering presents one of the most significant threats to the financial services sector.”
NYDFS · Industry Letter · “Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks” · October 16, 2024
Every regulatory document has a precipitating incident. The NYDFS AI letter has one in particular: the Arup engineering firm deepfake CFO scam, disclosed publicly by Hong Kong police in early 2024 and reported in detail by CNN Business on May 16, 2024. A finance worker at the British multinational’s Hong Kong office received what appeared to be a routine email from the company’s U.K.-based CFO requesting an urgent confidential transaction. The worker was initially skeptical — until he joined a video call in which the CFO and several other colleagues appeared on screen. He recognized faces. He recognized voices.
Every other person on that call was a deepfake. The worker authorized $25,000,000 in transfers — 15 separate wires sent to 5 Hong Kong bank accounts. The fraud was discovered only after the worker followed up with Arup’s head office and learned no such transaction had been authorized. The CFO had never been on the call.
It was not a phishing email. It was a video conference. The attacker gathered enough publicly available video and audio of the CFO and other Arup executives to build real-time deepfake avatars that passed visual and audio inspection on a live call.
It cleared internal controls. The worker had specifically been trained to verify unusual transactions. The deepfake video call was, in his judgment, that verification.
Why NYDFS cared: the same attack runs cleanly against any covered entity in New York. The NYDFS letter specifically calls out deepfake video and audio impersonation of executives as an “AI-enabled social engineering” risk that Part 500 risk assessments must now address.
The Onfido figure NYDFS cites in the letter — that deepfake attempts increased 3,000% year over year — traces back to Onfido’s 2024 Identity Fraud Report, which measured a 31x rise across the company’s identity-verification platform. The order-of-magnitude figure is what regulators tend to anchor on when writing guidance: the threat is not theoretical, it is not edge-case, and it is no longer expensive for an attacker to execute.
The most operationally consequential part of the NYDFS letter is its discussion of multi-factor authentication. The Part 500.12 amendments that took effect November 1, 2025 already mandated MFA across all covered entities — no carve-outs without a compensating-control filing approved by the Superintendent. The October 2024 AI letter went one step further: it warned that any MFA implementation relying on SMS one-time-passcodes, voice-recognition, or video-recognition factors is now exposed to AI-augmented bypass techniques.
What the letter pushes toward, without quite mandating, is the shift to phishing-resistant authentication — FIDO2 hardware security keys, passkeys, and platform-bound credentials that cannot be replayed by an attacker holding a synthesized voice sample. The Debevoise data-blog read of the letter framed it most pointedly: NYDFS is signaling that an examiner will, going forward, treat SMS-only MFA as a control gap regardless of whether the regulation literally requires its replacement.
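As an added illustration (not code from NYDFS, the letter, or any firm cited above) of why the passkey/FIDO2 path resists the bypass the letter warns about: a simplified WebAuthn-style assertion check in which the site origin and a single-use server challenge sit inside the signed payload, so an assertion minted on a lookalike site, or replayed from an earlier session, is rejected no matter how convincing the voice on the phone was. The relying-party name, origin, and the HMAC stand-in for the authenticator's asymmetric signature are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the authenticator's credential key. A real WebAuthn
# credential signs with an asymmetric key (e.g. ES256); HMAC stands in here so
# the example runs on the standard library alone. Names below are hypothetical.
CREDENTIAL_KEY = b"constructed-example-credential-key"
RP_ID = "bank.example"
EXPECTED_ORIGIN = "https://bank.example"

# Challenges the server has issued and not yet consumed (replay defense).
_outstanding_challenges: set = set()

def issue_challenge() -> str:
    """Server mints a fresh random challenge for one login ceremony."""
    ch = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    _outstanding_challenges.add(ch)
    return ch

def authenticator_sign(challenge: str, origin: str) -> dict:
    """What the user's authenticator returns for a login attempted at `origin`.
    The browser fills in the origin; no phone call can talk the user into
    changing it, which is what makes the factor phishing-resistant."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": origin}).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + bytes([0x01])  # rpIdHash + UP flag
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def verify_assertion(assertion: dict) -> tuple:
    """Server-side checks; returns (accepted, reason)."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"              # minted on a lookalike site
    if cd.get("challenge") not in _outstanding_challenges:
        return False, "unknown or reused challenge"  # stale assertion replayed
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"                # clientDataJSON was edited
    _outstanding_challenges.discard(cd["challenge"])  # single use
    return True, "ok"
```

Contrast this with an SMS or voice one-time code, which carries no origin and no server-bound challenge, so the same code works wherever the caller types it.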
On October 21, 2025, NYDFS issued a follow-on industry letter that closed what had been the most-debated ambiguity in the 2024 AI guidance: who bears responsibility when a covered entity’s vendor — an enterprise SaaS platform that quietly added an AI model to its product — becomes the attack vector. The 2025 letter answered directly: covered entities cannot push the obligation onto the vendor.
“Covered Entities' compliance responsibilities cannot be delegated to third parties.”
Sidley · Data Matters · NYDFS Third-Party Cybersecurity Risks Guidance · October 23, 2025
The non-delegability principle is what transforms the AI letter from a soft-touch advisory into something with teeth. Under the 2025 TPSP framing, when a covered entity uses a downstream AI tool — embedded in a CRM, a fraud-detection platform, an HR system, an underwriting engine — it now owns the AI risk-assessment work for that tool. Vendor attestations are evidence, not a defense. Sidley, Covington, and Alston & Bird all framed the October 2025 letter as the operational spine that gives the October 2024 AI overlay its real compliance load.
On December 11, 2025, the White House published Eliminating State Law Obstruction of National Artificial Intelligence Policy. The order’s most consequential operative paragraph directs the Attorney General to establish, within 30 days, an AI Litigation Task Force whose “sole responsibility shall be to challenge State AI laws inconsistent with the policy.” The grounds the task force is authorized to invoke include unconstitutional regulation of interstate commerce, preemption by existing federal regulations, and any other unlawful basis the Attorney General identifies. The order carves out exceptions for state laws on child safety, compute infrastructure, and government procurement — categories the NYDFS letter does not occupy.
Skadden’s December 2025 client alert on the EO laid out the framework cleanly: the administration’s position is that state-by-state AI rulemaking creates an interstate-commerce burden the federal AI framework is designed to displace. Whether NYDFS guidance qualifies as a “state AI law” for purposes of the EO is itself contested. NYDFS guidance is not statute; it is a regulator’s reading of a financial-services cybersecurity regulation that has been on the books since 2017. The AI overlay is, formally, about cybersecurity controls at financial institutions — a traditional area of state insurance-and-banking authority — and not about regulating AI systems as such.
American AI dominance must not be obstructed by patchwork state laws written by activists and trial lawyers. The DOJ AI Litigation Task Force will challenge any state rule that conflicts with the national framework.
Paraphrased commentary · not a verbatim post
Editorial paraphrase · composite of the Trump administration's stated position on state AI preemption in the December 11, 2025 EO and accompanying public framing.
Federal AI policy must override state-by-state regulatory overreach. Innovation cannot be choked by 50 different rulebooks.
Paraphrased commentary · not a verbatim post
Editorial paraphrase · composite of the Trump-administration position on state AI preemption.
The federalism point. States have regulated the safety and soundness of state-chartered financial institutions since the founding. The NYDFS Part 500 Cybersecurity Regulation is a cybersecurity rule for financial institutions, not an AI rule. The October 16 letter clarifies an existing cybersecurity rule for a new threat vector. The federal framework does not occupy the field of financial-institution cybersecurity.
The non-AI-law point. The letter does not regulate AI products, AI developers, or AI deployers as such. It tells a regulated bank that if the bank uses any AI tool or faces any AI-enabled threat, the bank’s existing cybersecurity-control obligations apply. That is not an AI law in the sense the December 11 EO targets.
The McCarran-Ferguson / dual-banking-system point. U.S. financial regulation has been built on dual federal-state authority for over 150 years. A blanket federal preemption of state cybersecurity authority over state-chartered institutions would represent a structural break the courts have historically been cautious to read into ambiguous federal statutes.
The roughly 3,000 entities inside the NYDFS Part 500 perimeter are now operating under two contradictory signals. NYDFS examiners are still scheduled to assess Part 500 compliance against the October 16, 2024 AI overlay and the October 21, 2025 TPSP follow-on. The federal AI Litigation Task Force, chartered under the December 11, 2025 EO, may or may not bring suit to enjoin one or both. The Compliance Week and ABA Banking Journal coverage both noted what every general counsel inside the perimeter has already concluded: until a court rules, compliance with NYDFS is the only safe posture, because NYDFS has examination authority that it exercises today, while DOJ enforcement of the EO will take months to materialize.
The operational result is a regulatory tax: every covered entity is running parallel legal analyses, parallel compliance programs, and parallel vendor-diligence workstreams. Whichever side prevails, the institutions in the middle have already paid for both.
DFS Superintendent @AdrienneAHarris issued new guidance to financial institutions on cybersecurity risks arising from AI and strategies to combat related risks. The guidance addresses AI-enabled social engineering, AI-enhanced cyberattacks, exposure of nonpublic information, and supply-chain risks.
NYDFS expects banks and firms to cut risks posed by AI, according to new guidance from Superintendent Adrienne Harris. Covered entities should incorporate AI-related risks into their existing Part 500 cybersecurity programs — not as a new filing, but as a clarification of existing obligations.
- The DOJ AI Litigation Task Force’s first filing. The thirty-day clock in the December 11 EO put the chartering deadline on or about January 10, 2026. The first complaint the task force files will signal whether it targets statute-based state AI laws (Colorado, California, Texas) before it reaches regulator-issued guidance like the NYDFS letter, or whether it tries to draw the perimeter wider from the start.
- NYDFS’s defensive posture. Whether Superintendent Harris recharacterizes the October 16 letter as a cybersecurity clarification rather than an AI rule — the framing most likely to survive a preemption challenge — is the move every Part 500 practitioner is watching for.
- The November 1, 2025 MFA enforcement window. The Part 500.12 amendments mandating MFA are in effect. NYDFS’s first enforcement action citing the AI letter’s SMS-MFA-obsolescence framing will set the floor for the rest of the industry.
- Other state regulators following the NYDFS template. California (DFPI), Texas (Department of Banking), and Illinois (IDFPR) have all signaled interest in similar cybersecurity-AI overlays. Whether they publish after the preemption EO or pause to see the litigation outcome will shape whether the NYDFS letter remains an outlier or becomes the start of a state-regulatory cluster.
- The Arup-style incident inside a covered entity. The NYDFS letter is currently anchored to a Hong Kong incident. The first publicly disclosed deepfake-CFO loss at a New York-chartered institution will determine whether the AI overlay is a paper exercise or the predicate for the first big Part 500 enforcement action of the cycle.
This page will be updated as the DOJ AI Litigation Task Force files its first complaints, as NYDFS issues any follow-on clarification, and as covered entities begin publicly disclosing AI-enabled cybersecurity incidents.