The New York State Department of Financial Services (NYS DFS) cybersecurity proposal issues a regulation protecting consumer data held by banks, insurance companies, and other financial services institutions.
New NYS DFS Regulations
NYS DFS states that the proposed regulation will be effective March 1, 2017. The new cybersecurity regulations will require financial institutions to protect consumer data and maintain a mature cybersecurity program at their organizations. These regulations extend beyond protecting Nonpublic Personal Information (NPI) but will not also include the regulation of non-personal business information. The NYS DFS regulations will also mandate penetration testing and require that data incidents be reported to NYS DFS within 72 hours.
The regulations state that all financial institutions must conduct a risk assessment, which will allow the organization to truly understand the information it holds and the risks to its business. The cybersecurity program also requires the organization to have a Vendor Risk and Third Party Service Provider management program in place. The Vendor Risk Management policy will ensure the security of Information Systems and Nonpublic Information that are accessible to Third Party Service Providers.
These new regulations should mature cybersecurity practices in the financial services industry and will make these programs more effective through outlined risk assessment guidelines to follow. Fines will be enforced, so the cybersecurity practice must be taken seriously. The result will be stronger Governance, Risk and Compliance standards for the organization.