NY Sets High Bar for Bank Cybersecurity Protections
Last week the New York State Department of Financial Services issued a bulletin describing the Department’s new expanded information technology (IT) and cybersecurity examination procedures. Notably, the standards outlined in the bulletin are stricter than the assessments conducted by the Federal Financial Institutions Examination Council (FFEIC) earlier this year.
Benjamin Lawsky, Superintendent of the Department of Financial Services, has taken a harder line on online bank security. The Financial Services Department will now include corporate governance, management of threats and issues, IT resources, shared infrastructure, protections against intrusions, testing, monitoring, training and management of third-party service providers in its cybersecurity examinations. Considering that the Department regulates the majority Wall Street banks, these new procedures are likely to lead the pack in establishing new industry standards.
- Cybersecurity Examination Bulletin: http://www.dfs.ny.gov/banking/bil-2014-10-10_cyber_security.pdf