NY State Cyber Regulation for Banks: A Model?

From: Lawfare

By Marcel Bucsescu, Matthew Waxman

On September 13, 2016, New York Governor Andrew Cuomo announced a set of proposed cybersecurity regulations for financial services companies that fall under the jurisdiction of the New York State Department of Financial Services (NYSDFS): Cybersecurity Requirements for Financial Services Companies. This proposed regulation, Cuomo noted, is the first of its kind in the nation and reflects the severe threat of cyber-crime and disruptions to the global financial sector centered in New York.

This sector-specific regulation (which now goes through a 45-day public comment and review process) is the latest move in a proliferation of cybersecurity standards that private firms must navigate. Companies are already challenged to draw on appropriate required or voluntary frameworks, from government standards like the National Institute of Standards and Technology (NIST) Cyber Security Framework, to industry standards and other private sector initiatives such as the International Standards Organization 27000 (ISO) or the Payment Card Industry (PCI) Security Standards, and private/public partnerships like North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection standards. The financial services industry, in particular, has seen a proliferation of rules and guidance from regulators like the Securities and Exchange Commission (SEC), the Federal Financial Institutions Examination Council (FFIEC) (which informs both the Office of the Comptroller of the Currency (OCC) and the Federal Reserve Bank’s oversight), and the Commodity Futures Trading Commission (CFTC).
