From: American Banker
By David Damato
New York’s new cybersecurity rules, currently in draft form, fall somewhere in between these two categories. On one hand, the ever-increasing amount of cyberattacks on financial institutions proves the industry needs minimum standards. On the other hand, the New York State financial regulators must change some of the specific requirements so that banks can avoid spending more time on compliance paperwork than actual security.
Critics of the proposed rules have argued that big institutions already comply with a number of similar federal cybersecurity laws and industry-wide standards — like those from the Securities and Exchange Commission and Federal Financial Institutions Examinations Council — and that smaller institutions will face most of the compliance burden. Some of these concerns are legitimate.
Leave a Reply