Certain Republican presidential candidates, in their most recent debate, stated their intention to go to “cyberwar” with China. The New York Department of Financial Services (“NYDFS”), while more modest in its scope, announced on November 9, 2015 equally hostile intentions toward hackers and, more directly, toward financial institutions that don’t exercise good cyber-hygiene.
NYDFS, the state agency with jurisdiction over the insurers, banks, investment companies and mortgage brokers, among other financial services organizations, has been vigilant about cybersecurity for over a year, including cybersecurity questions in its annual bank examinations and sending examination letters to insurance companies about their information safeguards (our NYDFS blog post linked here).
In the November 9th letter to the Federal Reserve Board of Governors, the U.S. Department of the Treasury, the Securities and Exchange Commission and several other federal financial agencies and commissions, NYDFS Acting Superintendent Anthony J. Albanese detailed tough new cybersecurity regulations and asked for “collaboration and regulatory convergence,” because NYDFS, he wrote, “considers cybersecurity to be among the most critical issues facing the financial world today.”
The proposed regulations would require covered financial services organizations to do the following:
NYDFS is clearly serious about enforcing information safeguards. Covered financial services organizations would be well-advised to use these proposed regulations as a template for implementing robust security not primarily because the proposed regulations will soon come into effect, but because solid cybersecurity is good business. With new cyber-attacks reported across multiple media almost every day, good stewardship of customer sensitive data is a great marketing tool, and much less expensive than loss of business due to a breach.
For further information on financial services cybersecurity compliance and breach response protocols, please call Kenneth N. Rashbaum.