On Monday, November 9, 2015, the New York Department of Financial Services (NYDFS) sent a letter to federal and state regulators announcing that it is considering new cybersecurity regulations for financial institutions. While the letter does indicate an interest in developing new regulations on cybersecurity, it also indicates that the NYDFS hopes that the letter “will help spark additional dialogue, collaboration and, ultimately, regulatory convergence among our agencies on new, strong cyber security standards for financial institutions.” The letter outlines the regulatory proposals under consideration, including the maintenance of a cybersecurity program with specific requirements for policies and procedures, vendor management, multi-factor authentication for applications, cybersecurity personnel, audit, and notice of cybersecurity incidents, among other requirements.
A copy of the letter sent by the NYDFS can be found at: http://www.dfs.ny.gov/about/letters/pr151109_letter_cyber_security.pdf.