New Cybersecurity Regulations Proposed for Financial Services Organizations
In September 2016, the New York State Department of Financial Services (NYSDFS) proposed new cybersecurity regulations for banks chartered in New York, insurance companies doing business in the state and other financial institutions. If passed, the regulations could take effect as soon as January 1, 2017, with a 180-day transitional period to comply.
The draft proposal would require covered financial institutions to:
- Establish a cybersecurity program
- Adopt a cybersecurity policy
- Appoint a chief information security officer
- Perform an annual risk assessment, penetration testing and periodic vulnerability assessments
- Encrypt nonpublic data
- Ensure that any companies with whom they do business have sufficient cybersecurity controls in place
- Perform cybersecurity awareness training programs for employees
- Create a written incident response plan
- Annually certify compliance to NYSDFS
Do you know enough about your current cyberattack prevention and response strategies to understand how existing and potential regulations impact you?
If you have questions about cybersecurity or how these proposed regulations could impact your financial institution, contact one of our industry experts.