Cyber Security to Become Element of NYDFS Bank Examination Process


The New York Department of Financial Services (the “NYDFS”) plans to include cyber security as part of its bank examination process.  The NYDFS issued a report (the “Report“) entitled “Report on Cyber Security in the Banking Sector”, in which the NYDFS stated that it plans to review a bank’s cyber security incident response and event management, access controls, network security, vendor management, and disaster recover in evaluating the bank’s overall safety and soundness.  The NYDFS pointed out that while national news reports about the data breach at Target and the Bitcoin hacking scandal at Mt. Gox have recently brought more public awareness of cyber threats, the bank regulatory agencies have been warning banks for more than a year as cyber attacks have become increasingly more sophisticated.

The Report is based on a survey of 154 banks and credit unions in New York.  The survey covered industry trends, concerns, and opportunities for improvement across a cross-section of depository institutions. According to the Report, the NYDFS believes that smaller institutions are less prepared than the larger banks to handle cyber threats.

Enhancing cyber security is expected to increase the cost of regulatory compliance, especially for smaller institutions.  Steps to improve cyber security may include hiring IT security personnel, engaging outside consultants, upgrading software, and implementing new security protocols. Nevertheless, many banks recognize the importance of the investment and are already strengthening their institution’s cyber security. Moreover, the NYDFS does not plan to have a one-size-fits-all solution.  The revised procedures are expected to be tailored to the respective bank’s risk profile.

IRS Circular 230 Disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. tax advice contained in this informational piece (including any attachments) is not intended or written to be used, and may not be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Goodwin | Attorney Advertising

Written by:


Goodwin on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.