On December 10, 2014, Superintendent Benjamin Lawsky of the New York Department of Financial Services (the “DFS”) announced a “New Cyber Security Examination Process” (the “New Examination Process”) for New York-chartered and licensed banking institutions (“Regulated Entities”). Pursuant to the New Examination Process, the DFS will expand its information technology (“IT”) examination procedures to focus more attention on cybersecurity, and will schedule these IT/cybersecurity examinations following each institution’s comprehensive risk assessment. Even if you are not a financial institution regulated by the DFS, the key takeaways discussed below provide insight into the types of questions regulators are asking with respect to cybersecurity practices and offer practical guidance for assessing the framework of a cybersecurity compliance regime.
The New Examination Process includes both sample examination topics and information requests that the DFS will use in future examinations. A review of these topics and information requests provides an understanding of the DFS’ cybersecurity expectations for Regulated Entities, as well as practical cybersecurity considerations for financial institutions not regulated by the DFS. Below we discuss five key takeaways related to the New Examination Process.