On Monday, the New York Department of Financial Services sent a letter to federal and state regulators who are members of the Financial and Banking Information Infrastructure Committee (FBIIC), outlining potential new cybersecurity regulations for financial institutions.
The purpose of the letter was to spark a dialogue, get feedback, and ultimately lead to “regulatory convergence” among the agencies. The department – through research and interviewing stakeholders and cybersecurity experts – honed in on several key focus areas for improved regulation:
- Cybersecurity policies and procedures
- Third-party service provider management
- Multi-factor authentication
- Chief Information Security Officers
- Application security
- Cyber security personnel and intelligence
- Auditing
- Notice of cybersecurity incidents