A regulator with the New York Department of Financial Services announced this week that the agency will toughen its cybersecurity examinations for state-chartered banks, making the requirements even stiffer than federal standards. The Federal Financial Institutions Examination Council (FFIEC) began assessing hundreds of banks’ cybersecurity fitness this year.

The New York agency’s more stringent process will include requiring banks to provide resumes and extensive training information about current CIOs and their departments, as well as explanations of the institutions’ use of multi-factor identification and software testing practices. New York is the first state in the country to announce its own cybersecurity exam process.

Washington DC Public Policy partner Mercedes Tunstall told American Banker the New York requirements will undoubtedly prompt institution-wide change at many banks.

“A lot of financial institutions don’t have their policies and procedures addressing these issues; they just generally try to protect data,” she said.

Tunstall explains that at many financial institutions, IT and security may not always work in concert to protect data, a dynamic they will have to change in order to pass the new exam process.

“Something that is clear [from the New York process] is the expectation that they will have relationships with each other, that they won’t fight politically internally, that they will have a reporting structure so IT and infosecurity work together,” she said.