New York issues cyber regulations for banks, insurers
- Record-setting rally pushes on as S&P ends week up 3 percent
- Trump's Cohn Pick Most Bullish Sign Yet for Banks - Cowen
- Unusual 11 Mid-Day Movers: (IDXG) (INVN) (EBS) Higher; (SCON) (DTEA) (DLTH) Lower (more...)
- 21st Century Fox (FOXA) offers to acquire Sky for GBP10.75/share
- Coca Cola (KO) Announces James Quincey to Succeed Muhtar Kent as CEO; Kent to Continue as Chairman
New York state Governor Andrew Cuomo speaks on the final night of the Democratic National Convention in Philadelphia, Pennsylvania, U.S. July 28, 2016. REUTERS/Mike Segar
Get inside Wall Street with StreetInsider Premium. Claim your 2-week free trial here.
By Suzanne Barlyn
(Reuters) - New York Governor Andrew Cuomo on Tuesday issued long-anticipated proposed cyber security regulations for banks and insurers in the state, the first of their kind in the United States by any state or federal agency, the governor said in a statement.
Cuomo's planned regulations for institutions overseen by the New York State Department of Financial Services (NYDFS) would require companies to set up cyber security programs and appoint a chief information officer, among other measures, according to the governor's office.
The planned regulations, in the works since 2014, follow a series of high-profile hackings of U.S. companies and three surveys by the regulator about cyber security programs at a total of nearly 200 companies under its watch. One NYDFS report last year revealed that a third of 40 banks in a 2014 survey did not require outside vendors to notify them of data breaches, which could compromise bank data.
The regulations aim to provide institutions with flexibility to adapt to technological innovations while reducing vulnerabilities, NYDFS Superintendent Maria Vullo said in a statement.
NYDFS regulates state-chartered and foreign banks licensed to operate in the state, including Goldman Sachs Group, Barclays and Deutsche Bank, and all insurance companies that do business in the state.
It previewed the plan in a November, 2015 letter to other state and federal regulators. That same day, U.S. prosecutors unveiled criminal charges accusing three men of helping run a sprawling series of hacking and fraud schemes, including a huge 2014 attack against JPMorgan Chase & Co , that generated hundreds of millions of dollars of illegal profit.
Among the planned requirements: board chairmen would have to file annual certifications with NYDFS, stating, to the best of their knowledge, that their companies' cyber programs comply with the regulation.
Other measures would include appointing overseers for outside vendors and limiting access of customers' non-public information, such as social security numbers, to employees who need those details, according to the proposal. Systems would have to include multiple steps for verifying user identities.
Institutions would also have to regularly test their cyber security systems. The chief information security officer would have to present twice-yearly reports about progress and vulnerabilities to the board of directors and make those findings available to NYDFS.
Before the plan becomes final, the public will have 45 days to submit comments, once the proposed regulations are published in the New York State Register.
(Reporting by Suzanne Barlyn; Editing by Chizu Nomiyama, G Crosse and David Gregorio)
Serious News for Serious Traders! Try StreetInsider.com Premium Free!
You May Also Be Interested In
- Athene Holding (ATH) IPO Opens Up 9%
- Athene Holding (ATH) Prices 27M Share IPO Inline with Prior Expectations
- Trump team memo on climate change alarms Energy Department staff
Create E-mail Alert Related CategoriesReuters
Related EntitiesDeutsche Bank, JPMorgan, Goldman Sachs, Barclays
Sign up for StreetInsider Free!
Receive full access to all new and archived articles, unlimited portfolio tracking, e-mail alerts, custom newswires and RSS feeds - and more!