New regulation introduced by New York state that require banks and insurers adhere to certain cybersecurity standards have gone into effect.
The first US state-mandated ‘Cybersecurity requirements for financial services companies’ has drawn a mixed response, with the new rules welcomes by many business leaders and security experts.
However, there have also been criticisms that the new rules are not tough enough and fail to provide effective guidance in providing protection for companies and consumers.
“In its current form, the cyber security regulation proposed by New York State for banks and insurers is missing the mark, as it fails to address one key consideration: open banking,” said Ed Adshead-Grant, general manager of payments, Bottomline Technologies
“With the adoption of the Payment Services Directive (PSD2) regulation in Europe, we’re already seeing financial institutions across the pond implementing new technologies like open application program interfaces (APIs), and it’s clear that the trend will come to the US as well. The introduction of these technologies will give way to new security threats, requiring banks and insurers to implement real-time monitoring systems to identify and flag suspicious activity.
“While the proposed regulation’s requirement of multi-factor authentication is a solid step toward heightening security, that alone will not solve security problems if auditors are not watching how users – both internally and externally – are behaving in real-time.”
The General Data Protection Regulation (GDPR) will be enacted on May 25 2018 and promises to revolutionise the way that firms collect, store, process and protect the personal information of customers, clients and employees.
Today sees the publication of set of global principles of good practice in the foreign exchange market.
The one-notch downgrade by the credit ratings agency is the first for nearly 30 years.
The new rules aim to prevent companies overpaying tax and to increase the competitiveness of the eurozone.