21 October 2017
Breana Patel
Breana Patel

Breana Patel

Breana Patel - Bonova Advisory | Risk &Regulatory Advisory

4Posts 22,384Views 1Comments
Finextra community

Financial Services Regulation

This network is for financial professionals interested in staying up to date on financial services regulation happening anywhere in the world. CFOs, bankers, fund managers, treasurers welcome.

Cyber Security Regulations : Financial Services

29 September 2017  |  9556 views  |  0


We live in an age where the threat of cyberattacks is seemingly imminent. As a result, many firms in the financial services and banking industries have stepped their game up and created specific security teams that can endure the various threats made by individual or organizational assailants. Also, to combat this risk, many regulatory bodies have done their part, by raising the threat level and introducing new privacy legislation every year.

In Retrospect


Whether it's a "lone wolf" or an organization, cyber-attackers are persistently discovering weaknesses to prey on. But with consumer privacy becoming more imperative with every passing day, it is necessary for firms to be able to withstand these attacks. As of late, many central financial institutions have cooperated on proposing a set of rules on cyber risk management standards. 


In response, the ‘Department of Financial Services' of New York State issued revolutionary cybersecurity regulations in February of this year. Taking effect on the 1st of March, the primary focus of this directive was to protect consumer data and financial systems from cyber attacks. New York governor, Andrew Cuomo believes that these "first-in-the-nation" regulations will help guarantee that the industry will have the necessary precautions in place to protect both consumers and producers from devastating cybercrimes.
Many of the terms defined in the document issued by the DFS are already in effect for most of the entities covered by the Gramm-Leach-Bliley Act (GLBA), and they are, therefore, largely unaffected. But some regulations surpass the requirements of the GLBA and all covered entities must adopt them. The GLBA however, mainly concerns itself with large firms and institutions. Consequently, many other financial service firms and smaller banks have had trouble adopting the statute due to discourse over guidance issues.


Financial services industry ups its game
Financial institutions and banks (the latter of which, extensively use digital technology) have begun exploring new technologies that can identify and prevent cyber attacks. Because some banks use technology like ATMs, voice biometrics is being implemented as an additional security measure. Moreover, banks are utilizing features such as social log-ins and content-based identification. Leading financial services firms have increased their annual cybersecurity budget substantially.


The entities covered by the New York State's new regulations were permitted 6 months from the effective date to comply with most of the terms, past which, non-compliance will not be tolerated. This makes the next couple of months extremely vital for institutions that haven't fulfilled the requirements.


To be one step ahead of possible attacks though, banks will need to regularly evaluate their potential vulnerabilities. Their threat levels should be under constant surveillance to forecast possible problems, and threat intelligence should be employed to understand when potential cyber attackers might attempt to take advantage of such holes in their armor.

Looking forward


Banks and financial institutions should take a proactive stance towards cyber security, which means relentlessly pursuing new technologies. When it comes to protecting consumer data, firms must comply with state, federal, and international privacy laws. With the advent of artificial intelligence which will present new risks, banks and financial services firms must find ways to effectively combat these risks.
Firms should consider cyber security, anti-fraud, and AML efforts. They should also launch a risk-based cybersecurity program while simultaneously complying with regulatory requirements. To conclude, when it comes to developing new products and services, the financial firms and banks should prioritize cybersecurity and the consumer's privacy.
On the other hand, banks, and firms can only do so much and will always look for ways to conserve money. It is up to the state regulatory bodies to ensure that they have solid regulations in place regarding cybersecurity. Once that happens, financial institutions will have to comply or suffer the consequences. The reason that these regulations need to be strict and the level of cybersecurity needs to be stellar is that these firms deal extensively in consumer data. Privacy is not a privilege; it is a human right. Here's how other states are looking to emulate New York and keep our private data secure: 

State Priority


New York
Broadening the definition of ‘consumer data' and protecting financial systems from cyber attacks (focusing on the systems rather than the individual consumer)


Colorado
Broker-dealers and investment advisors – They will have to comply with cybersecurity measures to ensure the protection of confidential personal customer information


Connecticut
Similar updates to their laws following in the steps of New York. Their primary focus is to restrict government access to emails and other online communications.


New Mexico
Regulations will be more "consumer data" focused than the regulations set by New York which concentrate more on the entities data collection systems.


Illinois
Focused on the consumer's "right to know" what kind of information is being collected on them.

TagsSecurityRisk & regulation

Comments: (1)

A Finextra member
A Finextra member | 29 September, 2017, 18:09

New York leading state to implement cyber security regulations in banks!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Breana

AML BSA compliance : Revised CDD rule

17 October 2017  |  2986 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationWholesale bankingGroupFinancial Services Regulation

CCAR : Current and Future trends

16 October 2017  |  2894 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationTransaction bankingGroupFinancial Services Regulation

Cyber Security Regulations : Financial Services

29 September 2017  |  9556 views  |  0 comments | recomends Recommends 1 TagsSecurityRisk & regulationGroupFinancial Services Regulation

Unfolding Digital in Capital Markets

23 September 2017  |  6949 views  |  0 comments | recomends Recommends 0 TagsArtificial IntelligenceTrade executionGroupTrends in Financial Services

Breana's profile

job title CEO | Thought leader in Bank Regulations
location Manhattan
member since 2017
Summary profile See full profile »
Founder of a management consulting firm helping banking to unfold rules of regulations and manage risk enterprise wide.

Breana's expertise

Member since 2017
0 posts1 comments
What Breana reads
Wall street journalRisk
Breana's blog archive
October 2017 (2)September 2017 (2)

Who's commenting on Breana's posts