
Cyber Security Regulations: Financial Services

We live in an age where the threat of cyberattacks is seemingly imminent. As a result, many firms in the financial services and banking industries have stepped up their game and created dedicated security teams to withstand the various threats posed by individual or organizational attackers. To combat this risk, many regulatory bodies have also done their part by raising the threat level and introducing new privacy legislation every year.

In Retrospect

Whether it's a "lone wolf" or an organization, cyber-attackers are persistently discovering weaknesses to prey on. But with consumer privacy becoming more imperative with every passing day, it is necessary for firms to be able to withstand these attacks. As of late, many central financial institutions have cooperated on proposing a set of rules on cyber risk management standards. 

In response, the Department of Financial Services (DFS) of New York State issued revolutionary cybersecurity regulations in February of this year. Taking effect on the 1st of March, the directive focuses primarily on protecting consumer data and financial systems from cyber attacks. New York governor Andrew Cuomo believes that these "first-in-the-nation" regulations will help guarantee that the industry has the necessary precautions in place to protect both consumers and producers from devastating cybercrimes.
Many of the terms defined in the document issued by the DFS are already in effect for most of the entities covered by the Gramm-Leach-Bliley Act (GLBA), and those entities are, therefore, largely unaffected. But some regulations surpass the requirements of the GLBA, and all covered entities must adopt them. The GLBA, however, mainly concerns itself with large firms and institutions. Consequently, many other financial service firms and smaller banks have had trouble adopting the statute due to discourse over guidance issues.

Financial services industry ups its game
Financial institutions and banks (the latter of which use digital technology extensively) have begun exploring new technologies that can identify and prevent cyber attacks. Because some banks use technology like ATMs, voice biometrics is being implemented as an additional security measure. Moreover, banks are utilizing features such as social log-ins and content-based identification. Leading financial services firms have increased their annual cybersecurity budget substantially.

The entities covered by New York State's new regulations were permitted 6 months from the effective date to comply with most of the terms, after which non-compliance will not be tolerated. This makes the next couple of months extremely vital for institutions that haven't fulfilled the requirements.

To be one step ahead of possible attacks though, banks will need to regularly evaluate their potential vulnerabilities. Their threat levels should be under constant surveillance to forecast possible problems, and threat intelligence should be employed to understand when potential cyber attackers might attempt to take advantage of such holes in their armor.

Looking forward

Banks and financial institutions should take a proactive stance towards cyber security, which means relentlessly pursuing new technologies. When it comes to protecting consumer data, firms must comply with state, federal, and international privacy laws. With the advent of artificial intelligence, which will present new risks, banks and financial services firms must find ways to effectively combat these risks.
Firms should consider cyber security, anti-fraud, and AML efforts. They should also launch a risk-based cybersecurity program while simultaneously complying with regulatory requirements. To conclude, when it comes to developing new products and services, the financial firms and banks should prioritize cybersecurity and the consumer's privacy.
On the other hand, banks and firms can only do so much and will always look for ways to conserve money. It is up to the state regulatory bodies to ensure that they have solid regulations in place regarding cybersecurity. Once that happens, financial institutions will have to comply or suffer the consequences. The reason that these regulations need to be strict and the level of cybersecurity needs to be stellar is that these firms deal extensively in consumer data. Privacy is not a privilege; it is a human right. Here's how other states are looking to emulate New York and keep our private data secure:

State Priority

New York
Broadening the definition of "consumer data" and protecting financial systems from cyber attacks (focusing on the systems rather than the individual consumer)

Broker-dealers and investment advisors – They will have to comply with cybersecurity measures to ensure the protection of confidential personal customer information

Similar updates to their laws following in the steps of New York. Their primary focus is to restrict government access to emails and other online communications.

New Mexico
Regulations will be more "consumer data" focused than the regulations set by New York, which concentrate more on the entities' data collection systems.

Focused on the consumer's "right to know" what kind of information is being collected on them.

Comments: (1)

A Finextra member 29 September, 2017, 18:09

New York leading state to implement cyber security regulations in banks!

Breana Patel

CEO | Thought leader in Bank Risk & Regulations

Bonova Advisory | Risk & Regulatory Advisory


This post is from a series of posts in the group:

Financial Services Regulation
