New York Proposes New Cybersecurity Regulations for Financial Institutions
Proposed criteria for policies and procedures, use of multi-factor authentication, employment of CISOs and other cybersecurity personnel
November 12, 2015
This article originally appeared at The WHIR
The New York Department of Financial Services has sent a letter to Financial and Banking Information Infrastructure Committee members outlining potential new cybersecurity regulations. The letter (pdf), dated Monday, provides a review of the assessment measures taken by the organization, as well as proposed regulatory criteria including the establishment of policies and procedures, use of multi-factor authentication, and employment of Chief Information Security Officers and other cybersecurity personnel.
The letter by Acting Superintendent of Financial Services Anthony Albanese is part of an ongoing process which previously introduced cybersecurity questions into the regulatory approval process and a proposal for new legislation from state attorney general Eric T. Schneiderman. The FBIIC consists of regulators and industry groups including the Securities Exchange Commission, the Federal Deposit Insurance Commission, and the Federal Reserve Bank of New York.
Surveys and analysis that the NYDFS began conducting in 2013 started a financial cybersecurity review process, which continued with risk assessments and a further survey, this time on interactions with third-party service providers. That process has produced the set of regulations in eight areas outlined in the letter.
The NYDFS proposes that financial institutions adopt:
Cybersecurity policies and procedures addressing 12 topics
Third-party service provider contracts that include six security provisions
Multi-factor authentication for both customers and employees
Chief Information Security Officers
Application security procedures, guidelines, and standards
Cybersecurity personnel and intelligence, which could be provided by a third party
Audit trail systems
Notice of cybersecurity incident requirements
Albanese notes in the letter that the list is neither final nor complete, and that additional dialogue among industry and regulatory stakeholders is necessary to finalize the new requirements.
Also this week, US prosecutors announced charges against conspirators in the 2014 JP Morgan data breach, which remains the most high-profile hack ever on a financial institution.
This first ran at http://www.thewhir.com/web-hosting-news/new-york-proposes-new-cybersecurity-regulations-for-financial-institutions