As of March 1, 2017, banks and insurers have yet another regulation to add to their list of compliance requirements, with the enactment of New York’s first-in-the-nation cyber-security regulation to protect the financial services industry (and its customers) from cyber-attacks. The regulation enforces minimum standards for cyber-security while encouraging firms to keep pace with technological advances and best practices in cyber-risk management.
The impetus behind the law, which might ultimately affect all financial services firms rather than just those based in New York, is that as the global financial services network becomes more interconnected, the risk of cyber-attack becomes more likely. Regulators are therefore proscribing stricter cyber-security requirements for FinServ firms. But for many, those requirements, and how businesses can prepare to adopt them, require some clarity.
