Regulators in both the US and Europe are increasingly interested in what financial services companies are doing to address cyber security threats.
According to Angus McFadyen of Pinsent Masons, after the New York State Department of Financial Services (NYDFS) announced its intention to introduce new regulations “strengthening cyber security standards for banks’ third-party vendors” in the “coming weeks”, Europe is to follow.
The announcement was made as it revealed that fewer than half of the banks it surveyed said they do not “conduct any on-site assessments” of “high-risk” suppliers, such as data processing companies and other suppliers that typically have access to “sensitive bank or customer data”.
McFadyen said that although “security is a growing concern on both sides of the Atlantic” the action proposed by the NYDFS is “the most forthright we’ve seen”.
“European regulators are also actively looking at security,” McFadyen said. “We’ve seen new rules around payment security come out of Europe and the Financial Conduct Authority’s (FCA’s) own guidance on bank outsourcing touches on its importance. Security measures are rarely perfect, as we’ve seen with the takedown of the French TV channel TV5Monde, but the risks presented by a compromise in the sector are growing as we are increasingly digitising financial services.”