Financial industry cybersecurity concerns grow, New York acts

With growing concerns over cyber risks, federal and state regulators have increased efforts to develop new cybersecurity standards. New York became the first state to require banks, insurance companies, and other regulated financial institutions to establish and maintain a cybersecurity program to protect consumers and the industry, with regulations taking effect March 1, 2017. Meanwhile, federal banking regulators are considering cyber risk management standards and resilience standards for large financial institutions and their service providers. In addition, the Securities and Exchange Commission has adopted regulations to strengthen the technology infrastructure of the securities markets, and the Commodity Futures Trading Commission has adopted related rules on system safeguards. This White Paper will discuss New York’s new requirements, explore issues under consideration by federal banking agencies, and explain requirements imposed by federal securities and commodities regulators.