ALBANY, N.Y. (5/19/15)--Benjamin Lawsky, New York's financial services regulator, said last week he hopes to propose new cybersecurity regulations for financial institutions and insurance companies under his supervision by year-end.
Lawsky said the regulations would seek to provide more security for financial institutions in fending off hackers, Reuters reported (May 11).
"The one thing we find to be an existential threat right now is whether our financial institutions and systems are adequately protected when it comes to cybersecurity," Lawsky, superintendent of the New York Department of Financial Services (DFS), said at the Reuters Financial Regulation Summit in New York.
Mike Lanotte, New York Credit Union Association senior vice president/general counsel, said his organization has followed this development with Lawksy’s office.
“The association has discussed this issue with the Department of Financial Services and monitored the efforts of the DFS and the state legislature on this priority issue,” Lanotte told News Now. “We will continue to work with these groups as proposals and legislation come forward to ensure credit union concerns and interests are considered and addressed in any regulation or legislation.”
The planned regulations would follow a report issued by Lawksy’s department in April. The report revealed that one-third of the 40 financial institutions it surveyed did not require outside vendors to notify them of breaches, a practice that could compromise financial institutions’ data.
"A bank's cybersecurity is often only as good as the cybersecurity of its vendors,” Lawsky said when the report was released.
One regulation may require financial institutions to get warranties from their vendors about what cybersecurity protections they have in place.
Lawksy noted that the massive breach at Target in 2013 was tied to its heating and ventilation systems contractor.
Another proposal could require financial institutions to adopt a process for allowing employees, and possibly customers, to log in to their systems in order to make sure they are authorized users, Lawsky said.
Data protection and cybersecurity are top advocacy issues on both the state and federal levels for CUNA, state credit union leagues and credit unions, and they continue to stress that merchants must be held to the same standards as financial institutions in protecting consumer data.
CUNA backs U.S. House Bill H.R. 2205, introduced by Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.). It would establish a process for companies of all sizes to follow in order to secure consumer data.
CUNA also strongly supports S. 961, introduced by Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.). S. 961would set standards for entities that handle consumers' personal financial information, while outlining procedures that must be followed in the event of a data breach.