New York State Of (Cybersecurity) Mind

New cyber-rules are taking effect in New York state, with wide-ranging impact for financial services players near and far.  Brexit gets down to business on data protection, and Down Under, underworld activities are raking in the (digital) dollars.

As the Sinatra tune goes (a bit paraphrased) … New York: If you can make it there in cybersecurity, you can make it anywhere.

The financial services industry is girding for the new regulations by the New York State Department of Financial Services (DFS), which take effect as of Aug. 28, which is, of course, today.

Yes, the rules apply to a single state, but as some sources, including New York Law Journal, report, the regulations could have a global impact. The entities covered extend across money transmitters, mortgage firms, health insurers and, of course, banks.

Statewide Rules, Global Impact?

As the Journal notes, the fact that a global industry is being regulated within a state has significant implications beyond New York’s borders. Financial services companies located within New York are covered by what is known as Part 500, but then again, so are the third-party service providers scattered across the globe that work with those New York-based entities. Simply put, each third-party provider must adhere to “minimum security practices” to be put in place over a two-year implementation period.

The financial firms themselves must report cybersecurity events (including breaches) to the DFS within 72 hours if there is a determination that there is any material harm to operations that have occurred or have a “reasonable likelihood” of occurring. That can include even unsuccessful attempts by hackers to access data. In addition, firms must also appoint chief information security officers who would oversee the cybersecurity programs and efforts.

Data Protection in the U.K., Bitcoin Scrutiny Down Under 

Data protection has been on the collective minds of regulators outside the United States, too. Across the pond, as The Financial Times reports, the United Kingdom, with Brexit looming, is seeking a “bespoke deal” on data protection.

U.K. ministers want what is termed an “early mutual recognition” of data protection efforts on both sides of the equation — the European Union (EU) itself and the U.K., post exit from that union. The FT notes that ministers also want the Information Commissioner’s Office, which oversees data protection efforts in the U.K., to have continuity in working with European watchdogs.

As has been reported before, new general laws will take effect in May of 2018 that span Europe and will govern how information is gathered, stored and distributed.  Government agencies and private business, through “early mutual recognition,” will have to state how they are using data and also will have to, in some cases, gain consent from their end users.

Elsewhere in regulation, and also outside the United States, focus is tightening on cryptocurrencies. Australia is gearing up to boost anti-money laundering efforts and wants to regulate cryptocurrencies, including bitcoin. The FT also noted this past week that under proposed reform being brought before lawmakers, digital currency operations, such as exchanges, would fall under the regulatory purview of AUSTRAC, the agency that investigates and battles financial crime.

The move comes in the wake of news of alleged financial misdoings at Commonwealth Bank of Australia (CBA). Money laundering activities at CBA, as it is known, occurred amid tens of thousands of breaches of laws already in place to combat terrorism financing and other criminal activities. AUSTRAC, in turn, brought about a civil legal action against CBA. The alarm had been sounded, as Australia said that digital currencies helped organized crime reap some riches in that country. As estimated by the Australian Criminal Intelligence Commission, digital currencies and digital banking have contributed to as much as $28 billion of criminal activity. As a result, bitcoin and its peer digital currencies may need more oversight.

China and Clearing House Efforts

Beyond digital currencies, what about digital payments using traditional currencies? Forbes reports that in one huge market for paying in bits and bytes — that would be China — more oversight may be in the offing. Mobile payments through companies such as Ant Financial and Tencent have made it so that 40 percent of the population in China carries less than the equivalent of $15 in hard currency via pocket or purse or wallet. The Chinese central bank said earlier this month that mobile payments firms must funnel payments through a new clearance house by the middle of next year. The China Nets Union Clearing Corp. has the central bank itself as majority shareholder at 35 percent, and Ant Financial and Tencent each at 10 percent.

Also in China, regulators have said they have made inroads tied to their continued efforts in reigning in the nation’s “shadow” banking sector. The Prudential Regulation Bureau said late this month that it had achieved the initial targets set down in battling unregulated lending, with new rules in place touching upon online lenders and asset management firms, as had been reported by The New York Times.