As the number of cyber-attacks on the financial services industry continues to increase every year, new regulations, such as the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) and the General Data Protection Regulation (GDPR), are being established to help fight and prevent these attacks. Additionally, financial institutions are under increased pressure to improve their cybersecurity posture and data protection practices.
In the financial industry, where reliability and security are of utmost importance, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) created the Customer Security Programme (CSP) to help its customers fight cyber-related fraud. However, SWIFT does not focus only on each customer's own environment. The CSP supports collaboration and information sharing among all SWIFT customers by requiring the adoption of published security controls, the use of tools to check for security breaches both internally and with counterparties, and the sharing of information about any identified attacks or threats through the SWIFT network.
With the extensive number of laws and regulations to consider and an ever-increasing level of federal and governmental oversight in the financial industry, financial institutions are expected to establish and maintain a detailed risk management program to ensure the protection of the information entrusted to them. To help manage this expectation, the FFIEC Cybersecurity Awareness program provides financial institutions with guidance on how to assess their cybersecurity risk and maturity level, regardless of the entity's size or complexity.
In the course of everyday business, many financial institutions obtain the personal and financial information of their customers and share it with their affiliates and vendors. Given the sensitive nature of this nonpublic personal information (NPI), the Gramm-Leach-Bliley Act (GLBA) requires these financial institutions to establish and maintain proper privacy and information sharing practices. The GLBA also requires financial institutions to advise customers of their information sharing practices and of the steps customers need to take to opt out of having their information shared.
Financial institutions are experiencing a rise in the frequency, intensity, and level of sophistication of cyber-attacks. To help combat this, New York State created the NYDFS Cybersecurity Regulation to require covered financial institutions to assess, identify, and address their cybersecurity risks through a comprehensive cybersecurity program. This program comprises risk-based cybersecurity and incident response programs with adequate stakeholder adoption.
Built to provide audit, compliance and certification services to service providers, Schellman is well positioned to bring this level of expertise and experience to the financial services industry. We offer a full suite of services, including cybersecurity assessments, SOC reports, ISO 27001 certifications, PCI DSS validations and more. We can also evaluate the maturity level of a cybersecurity program to provide critical feedback to boards and senior leadership.