What is the role of compliance in battling cyber risk?

Cross-Industry Compliance Leadership Summit eyes the intersection of two disciplines

“It’s called the cloud,” Deloitte & Touche LLP Principal Julie Bernard remarked. “It’s not called the vault. Keep that in mind.”

Bernard and Deloitte & Touche LLP Managing Director Susan Ameel moderated a session at Deloitte Advisory’s recent Cross-Industry Compliance Leadership Summit about the ways compliance and cyber security meet, and how the executives responsible for those areas might benefit by coordinating their efforts.

Many of the industries most subject to cyber attacks are also among the ones that have the most sophisticated regulatory and compliance obligations. Financial services, energy and utility companies, health care organizations, defense and aerospace – they all have to safeguard their own sensitive data, their customers’ information, or both.


Federal banking agencies issue proposal on cyber risk management standards

Nearly one month after the New York State Department of Financial Services issued a proposal to establish prescriptive cyber requirements for New York-domiciled financial institutions,1 three federal banking agencies—the Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) (collectively, the “agencies”)—issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations.2

Specifically, the enhanced standards would apply to US bank holding companies, the US operations of foreign banking organizations, and US savings and loan holding companies with more than $50 billion in total assets, as well as nonbank financial companies and financial market utilities designated for FRB supervision by the Financial Stability Oversight Council (FSOC), among others.


New York State proposes new cybersecurity regulation for financial institutions

As federal regulators continue to update existing cybersecurity guidance1 and consider new rules governing banks’ cybersecurity practices,2 the New York State Department of Financial Services (DFS), under the direction of Governor Andrew Cuomo, proposed to establish cybersecurity requirements that go beyond those at the federal level.

On September 13, 2016, the DFS issued a proposal3 that would require banks, insurance companies, and other DFS-regulated entities to establish a cybersecurity program and comply with related requirements. Although these institutions are already subject to cybersecurity requirements at both the federal and state levels, the proposal, which the DFS describes as a “first-in-the-nation” regulation, would establish a more prescriptive framework than any existing regulation.
