Seeing that for all but the largest banks, cybersecurity is principally a vendor management issue, the NY DFS is scrutinizing contractual protections and due diligence.
Authors: Gary R. Bronstein; Scott A. Brown; Christina M. Gattuso; Aaron M. Kaslow; Erich M. Hellmold; Kevin M. Toomey
On April 9, 2015, the New York Department of Financial Services (the “DFS”) issued a report titled “Update on Cyber Security in the Banking Sector: Third Party Service Providers” (the “DFS Report”), highlighting significant potential cyber security vulnerabilities with banks’ third-party vendors. In the press release announcing the DFS Report, Superintendent Lawsky reiterated his cautionary cyber guidance, “[a] bank’s cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data.” The DFS Report, which discussed the possibility of new cyber security regulations for banks relating to third-party vendor management, serves as a warning to banks that vendor relationships will receive heightened scrutiny by the DFS, and that they should evaluate their vendor relationships and renegotiate vendor contracts.