The New York State Department of Financial Services has outlined its proposals to strengthen cyber security regulations.
In a letter to other state and federal regulators, the NYDFS says it “considers cyber security to be among the
US strengthen cyber security regulations
most critical issues facing the financial world today”.
The watchdog, which has been investigating the issue for the last two years, surveying Wall Street firms and carrying out risk assessments, says that although the industry has taken significant steps to bolster security, it faces a fast-changing threat, and that the use of third party vendors has emerged as a particular problem.
Setting out its planned rule changes, the NYDFS says companies under its jurisdiction would be required to put in place written cyber security policies and procedures covering a host of areas.
They would also have to ensure that contracts with third parties included a set of rules designed to keep sensitive data safe, including the use of multi-factor authentication and encryption.
Under the new rules, firms would have to designate a chief information security officer responsible for overseeing policy, while cyber security staffers would be required to undergo mandatory training.
Audit trail systems would be put in place and firms would be required to notify the regulator immediately of any incident “that has a reasonable likelihood of materially affecting the normal operation”.
Writes Anthony Albanese, Acting Superintendent of Financial Services: “It is our hope that this letter will help spark additional dialogue, collaboration and, ultimately, regulatory convergence among our agencies on new, strong cyber security standards for financial institutions.”