New cyber security regulations proposed for New York

New York bank regs

Benjamin Lawsky, New York financial services regulator, said this week that he intends to propose new banking and insurance cyber security regulations by the end of 2015.

Speaking at the Reuters Financial Regulation Summit in New York, Lawsky highlighted how new regulations could enhance security and prevent hacking. “The one thing we find to be an existential threat right now is whether our financial institutions and systems are adequately protected when it comes to cyber security,” Lawsky said.

According to Business Insurance, the New York Department of Financial Services issued a report in April that revealed that 30% of the 40 banks surveyed did not require outside vendors to inform the department of breaches, which led to exposure of bank data.

The Department of Financial Services of New York regulate all business of insurance companies, state-chartered banks and foreign banks that operate in the area, including big banks such as Goldman Sacks, Barclays and Deutsche Bank.

The new regulations will attempt to combat the issues explored in the report and may require banks to get warranties from their vendors explaining what cyber security protections they have in operation.

Alongside this, a second regulation could enforce a multi-stepped process that would allow employees and customers to log in to their systems to check they are authorised to use the service.

Lawsky says that if banks fail their security risk assessments, regulators would go public with this information. “If they fail, there would be pretty severe consequences. I think we have to think hard about telling the world that a particular bank is vulnerable to a cyber attack,” said Lawsky.

Increasing reports of hacks has led to a more in depth focus from banking regulators on cyber security and may become a major part of their routine examinations of banks in the future.