Wall Street regulator ups cybersecurity oversight

New York state’s top banking regulator warned financial firms Wednesday it will be stepping up its oversight of their cybersecurity.

Benjamin Lawsky, director of the New York Department of Financial Services, sent a three-page letter to the financial sector explaining a new review procedure.


The supervisor will now include more cybersecurity questions as part of each institution’s information technology examination.

The regulator will also conduct this new cybersecurity assessment separately from each firm’s basic overall risk assessment — basically a test of how vulnerable the company is to collapse.

The cybersecurity exam will include topics such as how companies detect and defend against cyber intrusions; how cybersecurity personnel are managed; what type of cybersecurity training employees receive; whether companies have cybersecurity insurance; and how secure third-party vendors are.

Regulators will now even ask for the resumé of each company’s chief information security officer as well as copies of all information security policies.

It’s a significant expansion, but not out of character for the department under the leadership of Lawsky, who has gained a reputation for aggressively promoting strict digital standards for the financial sector.

He’s pushed for bitcoin regulations that would require background checks and detailed records for companies using the digital currency. Lawsky has also pressed banks to disclose more information about how they monitor cyber risks.

“Cyber hacking is a potentially existential threat to our financial markets and can wreak serious havoc on the financial lives of consumers,” he said in a statement Wednesday.

There have been rumors Lawsky will soon step down from his post, which he originated in 2011. In that time, the New York Department of Financial Services has become a key Wall Street watchdog.

The new guidance hit the same day that Sen. Elizabeth Warren (D-Mass.) urged federal financial regulators to stress cybersecurity in their own examinations.

“If a cyberattack disrupted the ability of … banks to allocate collateral, it could have devastating consequences,” she said during a Senate Banking Committee hearing. “It strikes me as a classic safety and soundness issue.”

The Office of the Comptroller of the Currency, a federal financial watchdog, has warned it will be conducting spot checks of certain financial firms’ cybersecurity systems.