Winter can be an unpredictable time in New York. A well-seasoned New Yorker battles snow, winds, rain and bitter cold with gusto. Can you say the same for your building? Managers, and maintenance staff need to make sure their buildings are ready for whatever may come—and that means taking care of seasonal winterizing tasks before the first flakes fall.
The Winter Checklist:
You don’t want to wait until the cold weather actually arrives to start thinking about winterizing your building. Encourage building staff to bring any potential issues to management’s attention. This is the time you should be making repairs and doing preventative maintenance, if only to avoid exorbitant repair fees, mechanical failures, and potential liability.
On September 28, 2016, certain proposed regulations were published in the New York State Register regarding cybersecurity applicable to companies that operate under banking, insurance, or financial services laws. The proposed regulations will be open to a 45-day notice and public comment period following their September 28, 2016 publication. If the proposal is adopted, affected companies will have 180 days from the effective date to comply with its requirements. There is a limited exemption applicable to companies with (1) less than 1,000 customers in each of the last three years, (2) less than $5,000,000 in gross revenue in each of the last three years, and (3) less than $10,000,000 in year-end total assets. However, for all other affected companies, these regulations may require significant changes to their current cybersecurity programs.
The regulations require the development of a cybersecurity program designed to achieve “core cybersecurity functions,” including:
• Identification of cyber risks;
• Implementation of policies and procedures to protect unauthorized access/use or other malicious acts;
• Detection of cybersecurity events;
• Responsiveness to identified cybersecurity events to mitigate any negative events; and
• Recovery from cybersecurity events and restoration of normal operations and services.
Appointment of Chief Information Security Officer: Affected companies will be required to appoint a Chief Information Security Officer (“CISO”) responsible for overseeing and implementing the institution’s cybersecurity program and enforcing its cybersecurity policy. The CISO must also develop a bi-annual report, available to the DFS upon request, addressing the state of their cybersecurity programs and specifically to:
• Assess the confidentiality, integrity and availability of information systems;
• Detail exceptions to cybersecurity policies and procedures;
• Identify cyber risks;
• Assess the effectiveness of the cybersecurity program;
• Propose steps to remediate any inadequacies identified; and
• Include a summary of all material cybersecurity events that affected the regulated institution during the time period addressed by the report.
Written Cybersecurity Policy: Affected companies would also be required to implement a written cybersecurity policy, addressing at least fourteen specified areas, that is to be reviewed and approved annually by the board of directors and a senior officer or if there is no board of directors, then it must be approved by a senior officer. These areas include:
• Information security;
• Data governance and classification;
• Access controls and identity management;
• Business continuity and disaster recovery planning and resources;
• Capacity and performance planning;
• Systems operations and availability concerns;
• Systems and network security;
• Systems and network monitoring;
• Systems and application development and quality assurance;
• Physical security and environmental controls;
• Customer data privacy;
• Vendor and third-party service provider management;
• Risk assessment; and
• Incident response.
Encryption of Nonpublic Information: The regulations require that companies take steps to encrypt nonpublic information being transmitted or held. If encryption is not immediately feasible, firms can use appropriate alternative controls for one year for “in transit” data, and five years for “at rest” data. Companies will also have to implement authentication procedures for access to information systems and nonpublic information, and audit trail systems that track and maintain, for six years, financial transaction, accounting, and system access data. Further, companies must limit information system and nonpublic information access privileges solely to those who require such access to perform their responsibilities.
Third Party Information Security Policy: In addition to the above-described written policies, companies will be required to implement written policies and procedures relating to the cybersecurity practices of third party providers. A “Third Party Information Security Policy” must detail this assessment, state minimum cybersecurity practices required to do business with the company, and address due diligence processes. Companies are to establish “preferred provisions” to be utilized in agreements with third parties that hold the third parties contractually accountable for their cybersecurity practices.
Additional Requirements: Commencing January 15, 2018, each company will have to certify annually that it is in compliance with these rules and retain supporting records for five years. The rules call for additional periodic activities, such as annual cybersecurity risk assessments and penetration testing, and quarterly vulnerability assessments. Affected companies would further be required to regularly provide mandatory cybersecurity awareness training and employ sufficient cybersecurity staff to manage risks and perform core cybersecurity functions. Companies will have 72 hours to notify the NY State Department of Financial Services of certain cybersecurity events, such as a breach in security, that have a reasonable likelihood of materially affecting normal operations or nonpublic information, and must also have a written incident response plan in place.
The proposed regulations go significantly beyond federal requirements currently in effect in these areas, and impose quite a few new obligations, particularly in requiring annual cybersecurity assessments, notification of state authorities within 72 hours of a breach, and the designation of a Chief Information Security Officer. Affected companies should consult with their legal counsel and security experts to determine what updates and changes they will be required to make under the new law.
Bureaucracy is a paperwork generating monster, and co-op and condo buildings are no exception. From balance sheets to taxes and board minutes, the paper really stacks up. The documents that do need to be produced and held by the corporation are dictated by Article 6 of the New York Business Corporation Law (BCL), in the case of cooperative buildings, and the New York State Property Law, Article 9-B, the Condominium Act, which governs condominium practices. The requirements are virtually the same for both.
Co-ops and condos are required to permanently store: the articles of incorporation and all corporate documents, bylaws, rules and regulations and all amendments thereto. They must also keep the minutes of board and membership meetings, audit reports, year-end financial statements and the names and addresses of unit owners and their percentage of ownership.
Accounting requirements, under the law, are clear. All tax returns should be kept permanently, but the supporting paperwork, like records of income and deduction, need only be kept for seven years to satisfy the IRS Code. Employee records, including benefit and pension plans should be kept permanently, while employee tax records should be kept for at least four years.
Reports that buildings are required to produce and distribute to owners and shareholders include an annual financial report prepared by an accountant, which should contain a full audit of the books, balance sheet and a cash flow report, in addition to a notice regarding the annual shareholders meeting, which, in the case of co-ops, may be served as early as 60 days in advance and no later than 10 days in advance.
Minutes must be recorded and kept for every board meeting. Meeting minutes can be presented as evidence in legal proceedings, so be they should be documented accurately. Additionally, potential buyers may ask to examine the minutes to get a feel for would-be neighbors. With this in mind, it is important to be transparent when recording minutes.
Ultimately, keeping documents and records organized, and communicating responsibly and openly will help keep your building a functional, harmonious space.
Motorists driving down almost any neighborhood road in the suburbs during election months will most certainly be met with a barrage of political signage for candidates, not to mention bumper stickers, window decals, etc. Passing by residential property in cities like New York, however, is quite the opposite. In fact, there is a deafening political silence in most condo and co-op buildings, as almost all condo bylaws and co-op leases prohibit any kind of electioneering. Public and communal spaces within these buildings, (even your front door), are almost always barred from such advertising. The enforcement of these rules are not subject to one political bend or the other, but apply across the spectrum. In fact, nearly all signage and flag flying violates these rules, with two notable exceptions.
The American Flag.
The right to fly the American Flag was enshrined into law in 2006. The Freedom to Display the American Flag Act states that: “a condominium association, cooperative association, or residential real estate management association may not adopt or enforce any policy, or enter into any agreement, that would restrict or prevent an association member from displaying the U.S. flag on residential property within the association with respect to which such member has a separate ownership interest or a right to exclusive possession or use.” Bear in mind, this law protects only the American Flag. State flags, military flags, foreign flags are likely all prohibited by your lease.
Buildings generally make exceptions for religious displays in the hallway outside the door to your unit, or affixed to the door to your unit, such as a mezuzah, a cross, a prayer rug, etc. One co-op may be more lenient than another, however. It is important to be aware of your individual rules beforehand.
While it is not uncommon to see campaign fliers placed under apartment doors, much like menus from your local neighborhood restaurants, this is probably a violation of your building’s rules or by-laws. Remember, the aim here is not to restrict your political opinions or discourage anyone from voting. Rather, your building would prefer you keep it confined to the voting booth.
Litigation, while certainly a needed bow in the quiver, is not always a good first line of defense. Litigation can be costly, and if your building has a history of litigation, property values can be affected. Additionally, if your building is in the middle of a litigation, many lenders will shy away from making loans in connection with a unit in the building. Mediation is far less expensive than litigation and can be a positive and effective way to resolve condo and co-op disputes.
Typically in mediation, a mediator is jointly selected by the parties. In a city like New York, there is a long list of mediators with substantial experience in handling condo and co-op matters. Once the initial conflict checks are completed, and oaths made, the mediator reviews documents submitted by each party. A mediator will meet with all parties to discuss the matter and then meet with each party separately to hear confidential information and discuss possible settlement. After meeting with each party separately, and typically more than once, a mediator will recommend a particular avenue for settlement. If everyone agrees to the basic terms, an agreement can be drafted and the matter settled.
If the parties cannot resolve their dispute and litigation is commenced, there may still be an opportunity for the parties to be heard by a mediator. Depending on the nature of the litigation or the stage of the litigation, the parties may be ordered to mandatory mediation. Alternatively, if the issue involves a contract that included an agreement to arbitrate disputes rather than traditional litigation, the parties will be faced with arbitration.
Regardless of the nature of the dispute, the aim of your building’s board of directors and your building’s counsel should be to try to resolve the matter in the first instance. Litigation should not be a reactionary tool. When tempers flare, having cooler heads come to the table may save you a lengthy, costly court battle. Whether the parties try to mediate their dispute through their attorneys, or agree to mediation, often, third parties such as attorneys and mediators can resolve conflicts without the need for court intervention.