In an unprecedented effort to protect New York State's
financial services industry from cyber threats, Governor Andrew M.
Cuomo announced a proposed regulation that requires banks,
insurance companies, and other financial services institutions
regulated by the State Department of Financial Services (DFS) to
establish and maintain a cybersecurity program to protect consumers
and New York State's financial services industry.
The landmark proposed regulation is subject to a 45-day notice
and public comment period before its final issuance. Requirements
of the proposed regulation for financial institutions include:
Establishment of a cybersecurity
Adoption of a written cybersecurity
Designation of a chief information
security officer responsible for the program and policy
Creation of policies and procedures
designed for the security of information systems and non-public
information accessible to, or held by, third parties.
The DFS has published the details of the "Proposed
Cybersecurity Requirements for Financial Service Companies" on
Recognizing the dynamics of the swiftly evolving cyber industry,
the proposed regulation includes minimum standards while
maintaining flexibility so that the rule does not become unduly
restrictive as technology advances.
DFS's proposal to raise the cybersecurity standards for
financial institutions comes at a time when the increasing cyber
risk posed by hackers, employees, criminals and a host of other
actors has received significant media attention. In an effort to
protect its financial services industry from unauthorized
intruders, New York is seeking to impose more rigorous standards on
the industry, which is viewed as a significant target for cyber
To ensure that these new programs and policies are not simply
adopted without proper implementation, New York is proposing an
additional requirement that mandates cybersecurity awareness
training for all personnel, an appropriate document
retention/destruction policy for nonpublic information when it is
no longer required and an incident response plan to respond to any
Although New York's financial services industry may be the
first to be held to the proposed heightened standards, it almost
certainly won't be the last, as other states and industries
will likely follow suit to protect consumers and financial
institutions from an ever-increasing cyber threat.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
FinCEN notified U.S. financial institutions that the Financial Action Task Force updated the list of jurisdictions with strategic anti-money laundering ("AML")/countering the financing of terrorism deficiencies.
The last thirty years have witnessed a dramatic rise in bank adoption of the bank holding company ("BHC") structure. Inherent in this trend is an apparent accepted orthodoxy about the need of such structures from both a business and regulatory perspective.
Recent years have been marked by low interest rates and a highly liquid loan market, creating a very favorable environment for leveraged loans used to fund mergers and acquisitions, sometimes in conjunction with large one-time dividend payouts.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).