New York’s financial industry regulator is seeking suggestions from other regulators on proposed regulations to shore up digital security defenses in the industry.
In a memo to various national and state regulators on Tuesday, including the Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation, Anthony Albanese, New York’s acting superintendent of financial services, said that despite efforts to bolster security in recent years, “Companies will continue to be challenged by the speed of technological change and the increasingly sophisticated nature of threats.”
The proposals would require companies to have written policies on security procedures, especially the protection of customer data held by third-party service providers, as well as multifactor authentication and data encryption.
Third-party vendors are considered a weak link in the security chain. “A company may have the most sophisticated cybersecurity protections in the industry, but if its third-party service providers have weak systems or controls, those protections will be ineffective,” Mr. Albanese said in the memo.