The measures, which follow a string of high-profile hacking
incidents, would include everything from requiring that firms
appoint a chief information security officer to requiring that
they adopt a multi-stepped process for allowing employees and
customers to log into their systems.
The details were outlined in a letter sent by the New York Department
of Financial Services (NYDFS) to other state and federal
regulators, and are the most comprehensive information to date about
the planned regulations.
NYDFS publicized the letter on the same day that U.S. prosecutors
unveiled criminal charges accusing three men of helping run a
sprawling series of hacking and fraud schemes, including a huge 2014
attack against JPMorgan Chase & Co, that generated hundreds of
millions of dollars of illegal profit.
"It is our hope that this letter will help spark additional
dialogue, collaboration and, ultimately, regulatory convergence
among our agencies on new, strong cyber security standards for
financial institutions," wrote Anthony Albanese, acting NYDFS
superintendent, in a letter to numerous regulators, including the
U.S. Office of the Comptroller of the Currency and Federal Reserve
Board of Governors.
The NYDFS regulations, if ultimately adopted, would require firms to
adopt written cyber security policies and procedures in 12 areas,
including customer data privacy and network security. Firms would
also have to develop policies requiring that outside service
providers keep data secure.
The planned measures follow surveys that NYDFS conducted between
2013 and 2015 about cyber security programs of companies it
regulates. An April report, for example, revealed that one-third of
the 40 banks NYDFS had surveyed in 2014 did not require outside
vendors to notify them of data breaches, which could compromise bank
data.
Firms, if the measures are adopted, would have to conduct annual
testing and auditing of their cyber security systems. Each firm's
chief information security officer would also have to submit an
annual report to NYDFS, informing the regulator of possible
vulnerability to risks.
NYDFS has been mulling potential regulations for more than a year.
Benjamin Lawsky, the agency's former superintendent, discussed the
issue at a Reuters Financial Regulation Summit in May.
(Reporting by Suzanne Barlyn; Editing by Chizu Nomiyama, Phil
Berlowitz and Bernard Orr)
[© 2015 Thomson Reuters. All rights reserved.] This material may not be
published, broadcast, rewritten or redistributed.