New York’s Department of Financial Services is considering issuing new regulations on cybersecurity for financial institutions, according to a letter the department sent to federal and state regulators on Monday.
The potential rules would require having detailed written cybersecurity policies and procedures for the institutions themselves, for the applications they use and for third parties that access the institutions’ sensitive data; implementing multi-factor authentication for customer account access and internal access to sensitive systems; designating a chief information security officer; employing “adequate” levels of cybersecurity personnel; conducting annual cybersecurity audits; and notifying NYDFS of certain cyber breach incidents.
“This letter sets forth the key regulatory proposals that we are currently considering and we invite your feedback,” the letter said. “The department welcomes the opportunity to work with other regulators to develop a comprehensive approach to cyber security regulation in the weeks and months ahead.”