-
New York regulator Benjamin Lawsky may use the cybersecurity rules he's proposed for virtual-currency companies as a model for traditional banks. That would subject the financial institutions his agency supervises to the most stringent data-security rules anywhere.
October 17 -
Bank executives need to understand these basics of vulnerability and accountability when it comes to the security of electronic networks or they could quickly lose their jobs.
December 2
New York banking regulator
In a memo published on the Department of Financial Services website, Lawsky said that he planned to include a heightened focus on data protection in department's IT examinations and risk assessments.
"In an effort to promote greater cyber security across the financial services industry, the New York State Department of Financial Services plans to expand its information technology examination procedures to focus more attention on cybersecurity," Lawsky said in the memo.
Banks will now be required to answer questions about their cyber infrastructure in a pre-examination questionnaire known as a "First Day Letter." The questions will cover a range of topics, including a bank's reporting structure for cybersecurity issues, plans for information security testing and insurance coverage for third-party liabilities.
Additionally, Lawsky said the department will begin inspecting banks' cybersecurity policies and infrastructure, following each bank's comprehensive risk assessment.
As part of those examinations, banks will be required to provide information on 12 different topics related to their cyber infrastructure, including credentials of their chief information security officers, their data classification systems and due diligence process for vetting providers.
The announcement, which comes two months after
New York Governor
Lawsky previewed plans for heightened security standards in October, saying in a speech that he planned to use the cybersecurity provisions of his proposal to regulate virtual currency firms as a model for future bank cyber regulations.
His