Banks must—legally—view cyber security as a key part of risk management, said New York's top banking regulator, according to a copy of a letter he sent to banks that have a New York state charter or license, the Financial Times is reporting.
"Increasing the intensity of the most important thing we do, which is bank examinations, could help prevent a large, systemic, Armageddonlike attack," said Benjamin Lawsky, head of New York’s Department of Financial Services (DFS).
The noted some examples of how this crackdown will materialize: "The stricter rules cover corporate governance, login security, management of third-party vendors and cyber security insurance, among other issues. Those new topics will be added to the bank examinations conducted by the department. Banks will also be given a 96-question survey to provide more details on their cyber security efforts. DFS is asking companies for the organization charts for their information technology and security operations, in addition to the CV of the chief information security officer."
Lawsky told the paper that the DFS actions—which cover all of Wall Street—won't be alone, as other regulators are likely to follow. "The whole regulatory community, including DFS, really needs to be upping its game so we’re trying to do that here. And we see other regulators stepping it up, too, so hopefully we can share best ideas and practices," he said. "This is not an us versus them issue. This is an issue where we are all going to sink or swim together."