New cybersecurity mandate for NY companies

The Empire State is ahead of the pack in outlining a new cybersecurity model to counter a growing risk

New York State’s Department of Financial Services (DFS) recently sent federal and state regulators a letter that sketched out possible cybersecurity requirements for players in the finance industry – including the adoption of cybersecurity policies (whether self-made or from third-party providers), regular security checks, and close coordination with the DFS in the event of breaches.
 
The November 9 memo came on the heels of DFS completing its survey on regulated insurance companies and banks, which provided a good look at these organizations’ existing cybersecurity programs and how similar set-ups can be scaled for wider use.
 
The DFS forwarded the missive to, among others, the Securities and Exchange Commission, the Federal Reserve Board of Governors, the Office of the Comptroller of the Currency, the National Credit Union Administration, and the Consumer Financial Protection Bureau.
 
The letter noted that regulatory bodies must appoint information security officers and conduct annual audits to ensure a robust legal and administrative infrastructure for cybersecurity concerns.
 
The DFS added that new and more comprehensive procedures need to be established for third-party service providers, especially on the topics of encryption and liability in case of data loss due to a security breach.
 
The DFS said that the letter represents a step in the department’s stated goal of streamlining cybersecurity procedures across the state, covering areas such as information and systems security, data privacy and authentication, identity management, incident response, and many others.
