Cyber security regulations: Key to managing banking industry operational risk?

This audio was created using Microsoft Azure Speech Services

Managing the banking and finance segment for Schneider Electric has taken me around the world over the past few years, and no matter where I go, from Hong Kong to London, our clients are concerned about cyber security threats and operational risk management.  Government regulators are concerned as well with many countries implementing their own policies and regulations for keeping banking data safe and buildings secure.  That’s why, it was no surprise to hear about the policy implemented in New York State on March 1.

The State of New York Department of Financial Services put in place the nation’s first ‘risk-based’ insurance, banking and finance industry regulations to encourage financial services firms to stay in front of technology trends and advances, and it includes some minimum standards and protections to prevent cyber breaches.  The legislation is intended to provide protections to prevent cyber security breaches including:

  • Controls relating to the governance framework for a robust cyber security program including requirements for a program that is adequately funded and staffed, overseen by qualified management, and reported on periodically to the most senior governing body of the organization;
  • Risk-based minimum standards for technology systems including access controls, data protection including encryption, and penetration testing;
  • Required minimum standards to help address any cyber breaches including an incident response plan, preservation of data to respond to such breaches, and notice to DFS of material events; and
  • Accountability by requiring identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance to DFS.

Regulations alone won’t improve operational risk

These regulations acknowledge that it’s not just our data that’s at risk but that banks must also carefully manage access controls to thwart cyber-attacks and reduce operational risk.  For some larger banks who are already complying with global regulations, this new regulation is likely not a concern.  Other financial institutions may find themselves seeking the support of critical vendors and disaster recovery and cyber security experts.

While the implementation of regulations themselves may not help manage operational risk for these financial services companies, a solid plan and governance can.  At Schneider Electric, the cyber security of our products, systems and software is of critical importance.  We maintain in-house cyber security expertise and we work with the world’s top cyber security firms like McAfee, a part of Intel Security, to protect mission-critical communication and networking systems.  Beyond our products, we work with our banking and finance clients on their cyber security strategy to help secure everything from their intelligent building management systems to their data centers from both physical and virtual attacks.

So while regulations alone won’t help the banking and finance industry manage operational risk, maintaining a solid cyber security strategy and working with vendors who maintain a state of the art cyber security practice for their products, systems, and software will.

Tags: , , , ,


  • NetCloud Cybersecurity

    7 years ago

    Of course Cybersecurity regulations are a key point to manage Banking Industry Operational Risk. Cybersecurity is in fact one of the most important things in the present and future Banking Industry, because having a not well-secured network protecting the whole data, can be a dangerous way to crash the system. All the regulations about this field are welcomed.

    • Sydney Hogg

      7 years ago

      Thank you for the comment @NetCloud Cybersecurity. Banks have a major challenge in managing the operational risk for both their business and clients assets. Increased regulation in the field of cyber security brings much needed focus on the priority. While regulations are welcome, many financial institutions, especially small to mid-size operations, are not well equipped to deal with the enormity of the task of regulatory compliance. Choosing cyber-secure products and software for their networks and building management from trusted, reliable solution providers is a good place to start. Additionally, seeking the expertise of recognised specialists and consultants in the field can help banks achieve the governance expectations of all stakeholders.

  • OKC Electrician

    7 years ago

    Great read! Thank you!

    • Sydney Hogg

      7 years ago

      @OKC Electrician. Thanks for your comment – much appreciated

Comments are closed.