Some of Wall Street's biggest banks will face tough new cyber-security assessments under plans from New York state's financial services watchdog.
With cyber-attacks - such as the recent hacking at JPMorgan Chase - an increasing threat to banks and their customers, the New York State Department of Financial Services (DFS) has issued a guidance letter (PDF) to the firms, including Barclays, Credit Suisse and Santander, that it regulates.
These banks will now be examined on a host of issues, including their protocols for the detection of cyber breaches; corporate governance related to cyber security; their defences against breaches; and the security of their third-party vendors.
Firms will have to answer detailed questions on their security efforts, handing over things like the CVs of chief information security officers and descriptions of multi-factor authentication usage and application development standards.
The assessments will become regular, ongoing parts of all DFS bank examinations in a step that the regulator argues will help encourage stronger cyber security practices because examination ratings can have significant impacts on the operations of financial institutions, including their ability to enter new business lines of make acquisitions.
Benjamin Lawsky, superintendent of financial services, says: "It is our hope that integrating a targeted cyber security assessment directly into our examination process will help encourage a laser-like focus on this issue by both banks and regulators. Cyber hacking is a potentially existential threat to our financial markets and can wreak serious havoc on the financial lives of consumers."