Cyber security risk is at the top of everyone’s agenda, and with the advent of GDPR, we should all now be taking it very seriously (if we are not already). However, it is now time for financial services regulators to overlay data protection laws with their own specifically defined laws and rules.
The first mover is the New York State Department of Financial Services (DFS), but I’m sure your favourite local regulator will be coming out with theirs very soon.
The DFS Regulation, which has now come into effect, requires (prescribes) DFS-regulated financial services institutions to institute and maintain a cyber security programme for protecting consumers’ private information and ensuring “the safety and soundness of New York’s financial services industry”.
The Regulation, which includes “REGULATORY MINIMUM STANDARDS” for preventing and avoiding breaches in cyber security, emphasises that senior management must “BE RESPONSIBLE” for their respective institutions’ cyber security programmes.
The Regulation promotes accountability through “REQUIRING IDENTIFICATION AND DOCUMENTATION OF MATERIAL DEFICIENCIES, REMEDIATION PLANS AND ANNUAL CERTIFICATIONS OF REGULATORY COMPLIANCE TO DFS.”
Copies of the Regulation: http://on.ny.gov/2kCpuC3
The accompanying press release: http://on.ny.gov/2lWUi4i