The New York Department of Financial Services (“DFS”) recently issued an industry guidance letter announcing new assessments that the department will use to examine cyber security preparedness. The new guidelines will apply to all the banks over which DFS has regulatory powers. According to the Insurance Journal, the department is also considering extending similar cyber security assessments to the insurance industry.
Because cyber hacking constitutes a major threat to United States financial markets, DFS is implementing these new cyber security assessments in all bank examinations moving forward. Since regulatory examination ratings have consistently impacted the policies and operations of financial institutions, DFS hopes these assessments will encourage financial institutions to develop more robust cyber security practices.
Specifically, DFS will consider the following security related issues in its bank examinations:
- Corporate governance, including organization and reporting structure for cyber security related issues;
- Management of cyber security issues, including the interaction between information security and core business functions, written information security policies and procedures, and the periodic reevaluation of such policies and procedures in light of changing risks;
- Resources devoted to information security and overall risk management;
- The risks posed by shared infrastructure;
- Protections against intrusion including multi-factor or adaptive authentication and server and database configurations;
- Information security testing and monitoring, including penetration testing;
- Incident detection and response processes, including monitoring;
- Training of information security professionals as well as all other personnel;
- Management of third-party service providers;
- Integration of information security into business continuity and disaster recovery policies and procedures; and
- Cyber security insurance coverage and other third-party protections.
DFS’ cyber security assessments will examine the banks’ cyber security insurance coverage, as well as other third-party protections.
It is expected that Federal and State regulators will continue to emphasize implementing policies and procedures that protect against cyber-attacks in order to protect the national financial market as well as individual consumers’ privacy and finances.
PIB Law represents national banks, retailers, reinsurers, insurers, mortgage lenders and financial services companies from its offices in New Jersey, New York City, Philadelphia, Boston, San Antonio, and Chicago. For more information on reinsurance and insurance issues, contact PIB Law at 908-725-9700.