NY calls for coordinated cybersecurity regs

The state’s bank regulator outlined a framework for bespoke cybersecurity regulations that it wants other state and federal agencies to take part in.

On Tuesday, the New York State Department of Financial Services issued a letter to the US Securities and Exchange Commission (SEC) and other key market regulators requesting coordinated efforts to create new cybersecurity regulations.

The letter provides a high-level framework regulators could use to draft bespoke cybersecurity rules, including the call for financial institutions to appoint a chief information security officer, maintain written cybersecurity policies and procedures and conduct quarterly audits.

Cybersecurity is as yet a hazy concept within the existing US regulatory framework. The SEC recently began relying on its “safeguards rule,” which requires GPs to protect client data, to bring charges against a private equity firm for failing to adopt sufficient cybersecurity policies and procedures.

In conversations with pfm, private fund compliance officers have complained that it remains unclear what is needed of them to avoid cybersecurity-related enforcement action. Sources close to the SEC say that the commission is reluctant to issue a prescriptive set of cybersecurity rules, instead preferring firms to adopt a risk-based assessment based on size, resources and operations. 

The SEC is set to embark on a cybersecurity sweep of registered entities in the coming weeks after releasing findings from an earlier sweep that found gaps in registered advisers’ cybersecurity preparedness.

New York banking regulators are considering rules requiring financial institutions to negotiate a minimum set of protections in their contracts with third-party service providers, use a two-factor authentication process both internally and on customer login pages and report material breaches to state authorities, among other items.

The letter said that it “would be beneficial to coordinate [the department’s] efforts with relevant state and federal agencies to develop a comprehensive cyber security framework” in the coming weeks and months.

See the December edition of pfm, out soon, for coverage of our cybersecurity roundtable, which brought together private equity CFOs and leading IT security consultants to talk about the latest cybersecurity challenges facing the industry.