Professionals involved in IT protection who reside or are looking to reside in New York can expect to be inundated with work after the New York State Department of Financial Services proposed new regulations in September 2016 concerning the minimum cybersecurity obligations of financial institutions. The Department of Financial Services has cited cybersecurity as one of the most critical issues facing the financial world today and therefore deems regulatory action a necessity.
From January 2017 every regulated entity needs to have enhanced anti-hacking programs and written cybersecurity policies introduced, and thereafter will need to file a certificate of compliance annually, starting from January 2018. Each entity will need to either employ or designate a Chief Information Security Officer whose job it will be to ensure that the program is implemented and that its policies are enforced. They will also need to develop a risk report bi-annually to assess the program and policies and identify any possible cybersecurity risks. Simulated cyber-attacks will be carried out to test the systems. Any breaches will need to be reported to the Department of Financial Services within seventy-two hours.
It is speculated that foreign banks with offices in New York will find that the new regulations apply not only to the New York offices but to the banks themselves, and that companies such as law firms and service providers associated with these banks may find themselves subject to increased requirements.
Whilst these regulations at present only apply to New York, it is expected that other states will follow suit and that this will lead to a worldwide impact on cybersecurity. Many international companies may therefore be looking at their own protection and policies in light of these regulations and seeking professional advice ahead of time to ensure that they do not encounter potentially problematic issues in the future.