On November 9, the New York Department of Financial Services (NYDFS) released a letter Acting Superintendent Anthony Albanese sent to certain federal and state banking, securities and insurance regulators outlining a set of potential new regulations under consideration at NYDFS aimed at increasing cybersecurity defenses within the financial sector. As noted in S&C’s memo to clients on the NYDFS’s letter:  

“Consistent with other recent developments in the area of cybersecurity, this letter highlights growing regulatory concern with the cyber preparedness of financial institutions and reflects the recognition that regulated entities, their customers and the public more generally will benefit from a coordinated regulatory approach to these issues. In any event, this letter clearly suggests that NYDFS views these issues as important and in need of robust regulatory response action. In addition, while the NYDFS is seeking cooperation among the various regulators, it may also be ready and willing to act in the near term on its own. To this end, the letter states that NYDFS “welcomes the opportunity to work with other regulators to develop a comprehensive approach to cybersecurity regulation in the weeks and months ahead” [emphasis added]. More generally, we expect the area of cybersecurity-related regulation to continue to develop at a rapid pace, particularly for financial institutions, and in light of the complex regulatory framework, we expect regulatory coordination to evolve on an iterative basis. In any event, financial institutions that are subject to NYDFS’s jurisdiction should prepare themselves for increased oversight and reporting with respect to cybersecurity matters.”