ALBANY, N.Y. (11/16/15)--The New York Department of Financial Services (DFS) last week issued a letter outlining new cybersecurity requirements for financial institutions, including credit unions.
The new requirements include mandatory annual audits, enhanced identity authentication for key databases and a mandate that firms have a single executive charged with managing their information security.
Mike Lanotte, New York Credit Union Association (NYCUA) senior vice president/general counsel, told News Now the NYCUA will continue to work with DFS while it works toward potential new requirements.
“We want to maintain dialogue with the DFS and determine what their ultimate goal would be, while making sure that any new regulations are not overly burdensome as it relates to credit unions,” Lanotte told News Now. “We want a fair and balanced outcome for everyone involved.”
DFS issued the letter after conducting a survey of more than 150 of its regulated banking organizations about their cybersecurity programs, costs and future plans. After reviewing and analyzing the responses, DFS released reports of its key findings in 2014 and 2015.
The reports highlighted the financial industry’s reliance on third-party service providers for critical banking and insurance functions as a continuing challenge, the letter said.
DFS has expanded its information technology examination procedures to focus more attention on cybersecurity.
“The department believes that it would be beneficial to coordinate its efforts with relevant state and federal agencies to develop a comprehensive cybersecurity framework that addresses the most critical issues, while still preserving the flexibility to address New York-specific concerns,” Anthony J. Albanese, New York’s acting superintendent of financial services, wrote in the letter.