We live in an age where the threat of cyberattacks is seemingly imminent. As a result, many firms in the financial services and banking industries have stepped their game up and created specific security teams that can endure the various threats made by individual
or organizational assailants. To combat this risk, many regulatory bodies have also done their part by raising the threat level and introducing new privacy legislation every year.
Whether it's a "lone wolf" or an organization, cyber-attackers are persistently discovering weaknesses to prey on. But with consumer privacy becoming more imperative with every passing day, it is necessary for firms to be able to withstand these attacks.
Recently, many central financial institutions have cooperated on proposing a set of rules on cyber risk management standards.
In response, the Department of Financial Services (DFS) of New York State issued revolutionary cybersecurity regulations in February of this year. Taking effect on the 1st of March, the primary focus of this directive was to protect consumer data and financial
systems from cyber attacks. New York Governor Andrew Cuomo believes that these "first-in-the-nation" regulations will help guarantee that the industry will have the necessary precautions in place to protect both consumers and producers from devastating cybercrimes.
Many of the terms defined in the document issued by the DFS are already in effect for most of the entities covered by the Gramm-Leach-Bliley Act (GLBA), and they are, therefore, largely unaffected. But some regulations surpass the requirements of the GLBA and
all covered entities must adopt them. The GLBA, however, mainly concerns itself with large firms and institutions. Consequently, many other financial service firms and smaller banks have had trouble adopting the statute due to discourse over guidance issues.
Financial services industry ups its game
Financial institutions and banks (the latter of which use digital technology extensively) have begun exploring new technologies that can identify and prevent cyber attacks. Because some banks use technology like ATMs, voice biometrics is being implemented
as an additional security measure. Moreover, banks are utilizing features such as social log-ins and content-based identification. Leading financial services firms have increased their annual cybersecurity budget substantially.
The entities covered by New York State's new regulations were permitted 6 months from the effective date to comply with most of the terms, after which non-compliance will not be tolerated. This makes the next couple of months extremely vital for institutions
that haven't fulfilled the requirements.
To stay one step ahead of possible attacks, though, banks will need to regularly evaluate their potential vulnerabilities. Their threat levels should be under constant surveillance to forecast possible problems, and threat intelligence should be employed to understand
when potential cyber attackers might attempt to take advantage of such holes in their armor.
Banks and financial institutions should take a proactive stance towards cybersecurity, which means relentlessly pursuing new technologies. When it comes to protecting consumer data, firms must comply with state, federal, and international privacy laws. With
the advent of artificial intelligence, which will present new risks, banks and financial services firms must find ways to effectively combat these risks.
Firms should consider cybersecurity, anti-fraud, and AML efforts. They should also launch a risk-based cybersecurity program while simultaneously complying with regulatory requirements. To conclude, when it comes to developing new products and services,
financial firms and banks should prioritize cybersecurity and the consumer's privacy.
On the other hand, banks and firms can only do so much and will always look for ways to conserve money. It is up to the state regulatory bodies to ensure that they have solid regulations in place regarding cybersecurity. Once that happens, financial institutions
will have to comply or suffer the consequences. The reason that these regulations need to be strict and the level of cybersecurity needs to be stellar is that these firms deal extensively in consumer data. Privacy is not a privilege; it is a human right. Here's
how other states are looking to emulate New York and keep our private data secure:
Broadening the definition of "consumer data" and protecting financial systems from cyber attacks (focusing on the systems rather than the individual consumer)
Broker-dealers and investment advisors – They will have to comply with cybersecurity measures to ensure the protection of confidential personal customer information
Similar updates to their laws following in the steps of New York. Their primary focus is to restrict government access to emails and other online communications.
Regulations will be more "consumer data" focused than the regulations set by New York, which concentrate more on the entities' data collection systems.
Focused on the consumer's "right to know" what kind of information is being collected on them.