Cybersecurity for NY’s Financial Industry

Anthony Albanese, the acting superintendent of financial services for New York, has issued a memo requesting suggestions from other regulating bodies on proposed regulations for digital security for the financial industries, according to the New York Times.

Observing that, despite efforts to boost security, "Companies will continue to be challenged by the speed of technological change and the increasingly sophisticated nature of threats, ” Albanese is seeking input from national and state regulators including, but not limited to, the Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation.

Under the current proposal, companies would be required to keep written policies on security procedures, with particular emphasis on the protection of third-party providers since, as noted by Albanese to the New York Times, “A company may have the most sophisticated cybersecurity protections in the industry, but if its third-party service providers have weak systems or controls, those protections will be ineffective.”

In addition to written definition of security procedures, the proposals also call for companies under the watch of the Department of Financial Services in New York to:

  • Name a chief information security officer
  • Perform annual testing and vulnerability assessments
  • Notify the regulating body of security incidents with a “reasonable likelihood” of materially affecting normal operations.