We live in an age where the threat of cyberattacks is seemingly imminent. As a result, many firms in the financial services and banking industries have stepped their game up and created specific security teams that can endure the various threats made by individual or organizational assailants. Also, to combat this risk, many regulatory bodies have done their part, by raising the threat level and introducing new privacy legislations every year.
In Retrospect
Whether it’s a “lone wolf” or an organization, cyber-attackers are persistently discovering weaknesses to prey on. But with consumer privacy becoming more imperative with every passing day, it is necessary for firms to be able to withstand these attacks. As of late, many central financial institutions have cooperated on proposing a set of rules on cyber risk management standards. Names like JP Morgan Chase, Bank of America & Goldman Sachs are said to be vital to this proposition.
In response, the ‘Department of Financial Services’ of New York State issued revolutionary cybersecurity regulations in February of this year. Taking effect on the 1st of March, the primary focus of this directive was to protect consumer data and financial systems from cyberattacks. New York governor, Andrew Cuomo believes that these “first-in-the-nation” regulations will help guarantee that the industry will have the necessary precautions in place to protect both consumers and producers from devastating cybercrimes.
Many of the terms defined in the document issued by the DFS are already in effect for most of the entities covered by the Gramm-Leach-Bliley Act (GLBA) and they are therefore, largely unaffected. But some regulations surpass the requirements of the GLBA and all covered entities must adopt them. The GLBA however, mainly concerns itself with large firms and institutions. Consequently, many other financial firms and smaller banks have had trouble adopting the statute due to discourse over guidance issues.
Financial services industry ups its game
Financial institutions and banks (the latter of which, extensively use digital technology) have begun exploring new technologies that have the capability to identify and prevent cyberattacks. Due to the fact that some banks use technology like ATM machines and automatic tellers, voice biometrics are being implemented as an additional security measure. Moreover, banks are utilizing features such as social log-ins and content-based identification. Leading financial services firms have increased their annual cybersecurity budget substantially, for example, JPMorgan Chase has a budget of around half a billion dollars for the year of 2017.
The entities covered in the New York State’s new regulations were permitted 6 months from the effective date to comply with most of the terms, past which, non-compliance will not be tolerated. This makes the next couple of months extremely vital for institutions that haven’t fulfilled the requirements.
To be one step ahead of possible attacks though, banks will need to regularly evaluate their potential vulnerabilities. Their threat levels should be under constant surveillance to forecast possible problems, and threat intelligence should be employed to understand when potential cyber attackers might attempt to take advantage of such holes in their armor.
Looking forward
Banks and financial institutions should take a proactive stance towards cyber security, which means relentlessly pursuing new technologies. When it comes to protecting consumer data, firms must comply with state, federal, and international privacy laws. With the advent of artificial intelligence which will present new risks, banks and financial services firms must find ways to effectively combat these risks.
Firms should consider cybersecurity, anti-fraud, and AML efforts. They should also launch a risk-based cybersecurity program while simultaneously complying with regulatory requirements. To conclude, when it comes to developing new products and services, the financial firms and banks should prioritize cybersecurity and the consumer’s privacy.
One the other hand, banks and firms can only do so much and will always look for ways to conserve money. It is up to the state regulatory bodies to ensure that they have solid regulations in place regarding cybersecurity. Once that happens, financial institutions will have to comply or suffer the consequences. The reason that these regulations need to be strict and the level of cybersecurity needs to be stellar is that these firms deal extensively in consumer data. Privacy is not a privilege, it is a human right. Here’s how other states are looking to emulate New York and keep our private data secure: –
| State | Priority |
| New York | Broadening the definition of ‘consumer data’ and protecting financial systems from cyberattacks (focusing on the systems rather than the individual consumer.) |
| Colorado | Broker-dealers and investment advisers – They will have to comply with cybersecurity measures to ensure protection of confidential personal consumer information. The terms of these regulations were reached following a hearing on the 2nd of May. An effective date will be set by the secretary of state after the attorney general gives his thoughts on the new regulations. |
| Connecticut | Similar updates to their laws following in the steps of New York. Their main focus being to restrict government access to emails and other online communications. |
| California | |
| New Mexico | Not much information on this is available other than the fact that their regulations will be more “consumer data” focused than the regulations set by New York which focus more on the entities data collection systems. |
| Nebraska | |
| West Virginia | |
| Illinois | Focused on the consumer’s “right to know” what kind of information is being collected on them. |