State Board ReportMarch 2017As of March 1, New York became the first state to have in effect cybersecurity regulations to protect the state’s financial services industry and consumers from the threat of cyberattacks. Banks, insurance companies and other financial services institutions that are regulated by the New York Department of Financial Services are now required to establish and maintain a cybersecurity program. The regulation encourages firms to keep up with technological changes, but it also sets regulatory minimum standards including:
AICPA President Barry Melancon met with the CPA and Accountants Caucus (Rep. Michael Conaway (R-TX), Rep. Collin Peterson (D-MN), Rep. Tom Rice (R-SC) and Rep. Brad Sherman (D-CA)), on February 2 to provide an overview of the future of the CPA profession, including its efforts in cybersecurity. Late in 2016, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation issued a joint advance notice of proposed rulemaking on enhanced cyber risk management standards for entities under their supervision and their service providers. On February 17, the National Association of Insurance Commissioners sent a letter in response to the notice outlining the steps they have taken to enhance data security and reporting they are working toward developing an Insurance Data Security Model Law. In concluding their comments the NAIC leaders state: “We recognize that cybersecurity and associated regulatory concerns stretch beyond the insurance sector and we encourage coordination among financial regulators as we develop strategies to protect the financial infrastructure of this country.” |