Dive Brief:
- New York Governor Andrew Cuomo proposed a new regulation Tuesday requiring banks, insurance companies and other financial services institutions regulated by the State Department of Financial Services to establish and maintain a cybersecurity program.
- The regulation would also require regulated financial institutions to designate a CIO responsible for enforcing the cybersecurity program and to meet additional requirements designed to help protect the "confidentiality, integrity and availability of information systems."
- The proposed rules are subject to a 45-day notice and public comment period before final issuance.
Dive Insight:
U.S. lawmakers have grown more concerned about financial security after the Bangladesh heist in February, wherein cybercriminals used the SWIFT banking network to request nearly $1 billion from an account at the Federal Reserve Bank of New York. SWIFT has struggled to get its member banks to comply with new security protocols implemented following the heist because it is a nonprofit cooperative without regulatory authority over its members.
The state regulation is the first of its kind in the U.S., according to the announcement. If New York’s approach proves effective in holding banks accountable and improving cybersecurity practices in the financial services sector, other states may soon follow suit.
"This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyberattacks to the fullest extent possible," said Governor Cuomo in an announcement.