New York State's financial services regulator on Tuesday unveiled details about potential new cybersecurity regulations for banks and insurance companies under its jurisdiction.
The details were outlined in a letter sent by the New York Financial Department of Services (NYDFS) to other state and federal regulators. The letter provides the most comprehensive information to date about the planned regulations, which Benjamin Lawsky, the agency's former superintendent, discussed at a Reuters Financial Regulation Summit in May.
"It is our hope that this letter will help spark additional dialogue, collaboration and, ultimately, regulatory convergence among our agencies on new, strong cybersecurity standards for financial institutions," wrote Anthony Albanese, acting NYDFS superintendent, in a letter to numerous regulators, including the U.S. Office of the Comptroller of the Currency and Federal Reserve Board of Governors.
The NYDFS regulations, if ultimately adopted, would require firms to adopt written cybersecurity policies and procedures in 12 areas, including customer data privacy and network security. Firms would also have to develop policies requiring outside service providers to keep data secure.
The planned regulations follow surveys that NYDFS conducted between 2013 and 2015 about cybersecurity programs of companies it regulates. An April report following one of those surveys, for example, revealed that one-third of the 40 banks NYDFS had surveyed did not require outside vendors to notify them of breaches, which could compromise bank data.
Firms would also have to appoint a chief information security officer to oversee and enforce their cybersecurity policies. Those officers would also have to file annual reports with NYDFS about those programs and potential risks to their firms.