Posts

Showing posts from January, 2017

NY-DFS adjust its cyber regulation

Image
The public hearing held on Monday December 19th seems to have generated serious waves. According to Reuters, NYDFS regulation on cybersecurity is being postponed to March 1st 2017. The new version of NYDFS was supposed to be a first regulation explicitly calling financial institutions to follow specific rules in order to increase the cyber resilience of the institutions. The 50 pages’ documents were completing the frameworks already available such as the well-known NIST CSF or the FFIEC CAT. The last one introduced a model of balance between inherent risk and mandatory maturity. NYDFS did not introduce new concepts unknown by the industry with the proposed regulation. But making these concepts mandatory requirements for Financial Institutions would have changes the narrative. While the additional delay allows financial institutions to get ready, it will also allow the coming regulation and laws to have a chance to be aligned. In addition, the new White House would certainly play a si…