Trending: Bank Cybersecurity, North Korea, and the RegTech Summit
Cybersecurity Requirements in U.S. Banks
Over the past week, several developments have emerged on the forefront of the Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) initiative that could drastically alter the landscape of the financial services industry. With the scope of cyber-crime transitioning increasing globally, new compliance regulations have been proposed by New York Governor Andrew Cuomo that if implemented would increase the liability placed on large banks across the world to develop or invest in computer-based protections. The move would be one of the first in the United States that would require banks to establish these cyber-security programs. According to the article “New York proposes cybersecurity regulations for banks”, found on BSA News Now on September 15th, “Banks would be required to hire a chief information security officer and implement measures that detect and deter cyber intrusions and protect consumer data”, a development that could end up costing both banks and insurers millions of dollars (Dow Jones, 2016). An additional change in regulatory practices would come in the form of the need for banks to directly contact New York’s Department of Financial Services of any data breaches within a 3-day period following the event. In previous years, large organizations have kept these transgressions secret due to the “patchwork” of state regulations that covered when companies must disclose breaches.
The NY Department of Financial Services and other agencies around the world have placed emphasis on the need for “aggressive pursuance” of financial crime in recent years. Maria Vullo, Superintendent of the NY Dept. of Financial Services has stated that she plans on continuing the tough enforcement policies that have become the industry standard, but hopes to strike a “more business friendly tone.” In addition to requirements of annual risk assessments and encryption of all nonpublic information transmitted to, and/or stored by banks, Vullo expressed that “The proposed regulations include required minimum standards, but will allow companies to assess their own risks to prevent “limit[ing] industry innovation” (Dow Jones, 2016).
Nuclear Testing Calls for Economic Sanctions
In other news, plans by the Obama Administration to launch unilateral sanctions against North Korea following the East Asian country’s latest nuclear test has been met with great contempt by North Korean leader Kim Jong Un. Cited on BSA News Now on September 13th, Minami Funakoshi’s article “North Korea says sanctions push after nuclear test ‘laughable’” reads that on Friday, September 9th, North Korea “set off its most powerful nuclear explosion to date, saying it had mastered the ability to mount a warhead on a ballistic missile, ratcheting up a threat that its rivals and the United Nations have been powerless to contain” (Funakoshi, 2016). The gradual plan for increased nuclear and overall military power in North Korea is claimed to be in response to the “augmented threats of nuclear war from the United States.” Several countries including the United States, Britain, and France pushed for the United Nations Security Council to impose new sanctions and further enforce existing measures against North Korea in wake of the most recent, and largest, nuclear test to date. Additionally, the United States has teamed with Japan and the Republic of Korea to discuss possible, unilateral, bilateral, and trilateral cooperation in regards to this matter. The sanctions, if imposed, have the potential to set a precedent for future modalities of overseas relations.
The RegTech Summit, an end-user driven conference designed to educate those in the financial services sector on the concept of Regulatory Technologies and the positive effect they can have on regulatory compliance, kicked off in London, England this past week. Global RADAR CEO Dominic Suszek was on hand to participate in the conference on September 13th and 14th. For a first hand account of the proceedings, Suszek’s article “Using technology to manage compliance (RegTech 2016)” can be found at: