NYDFS Report Foreshadows New Cyber Security Regulations

Carlton Fields
Contact
LinkedIn
Facebook
X
Send
Embed

The New York State Department of Financial Services (NYDFS) has released a report entitled "Update on Cyber Security in the Banking Sector: Third Party Service Providers." The report details the findings of an October, 2014 survey of 40 banking organizations regulated by the department, and identified potential cyber security vulnerabilities with banks’ third-party vendors. Banks rely on third-party vendors for a broad range of services and often have access to a financial institution’s information technology systems, providing a potential point of entry for hackers to obtain sensitive customer data. Among the report’s findings, the department found that 1 in 3 surveyed banks did not require third-party vendors to notify them of cyber security breaches.

As a result of the report’s findings, NYDFS is now considering new regulations for financial institutions, establishing cyber security standards applicable to their relationships with third-party service providers, including potential measures related to the representations and warranties banks receive about the cyber security protections those providers have in place. These regulations could have a significant compliance impact on third-party service providers, including the title insurance industry.

The NYDFS report is the latest step it has taken examining cyber security issues among its regulated entities, and follows the publication of its initial May 2014 report on cyber security in the banking sector, its February 2015 report surveying insurers’ cyber security readiness and plans, and issuance of a Section 308 letter in March requesting information technology reports from insurers in anticipation of conducting risk assessments.

State and federal actions, such as the NYSDFS’s cyber security reports, expected regulations, and the Consumer Financial Services Bureau’s clear statements that supervised banks are expected to oversee and monitor activities of their third-party service providers to ensure compliance with federal consumer finance laws, highlight the continued trend of an increasingly regulated environment, and corresponding liability risks, for these entities.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carlton Fields | Attorney Advertising

Written by:

Carlton Fields
Carlton Fields
Contact
more
less

Carlton Fields on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide