Letters

Cybersecurity Requirements for Financial Services Companies

Summary

SIFMA provided comments to the New York State Department of Financial Services (NYDFS) on amending the Cybersecurity Requirements for Financial Services Companies.

PDF

Submitted To

NYDFS

Submitted By

SIFMA

Date

17

August

2022

Excerpt

August 17, 2022

Submitted via email: [email protected]

New York Department of Financial Services
1 State Street
New York, NY 10004

Re: Cybersecurity Requirements for Financial Services Companies (July 29, 2022)

Dear Sir or Madam,

The Securities Industry and Financial Markets Association (“SIFMA”)1 appreciates the opportunity to comment on the pre-proposed outreach from the New York State Department of Financial Services (“NYDFS”) amending the Cybersecurity Requirements for Financial Services Companies dated July 29, 2022 (“Preproposal”).2 SIFMA understands that this is a preview of the forthcoming official rule proposal but gives stakeholders an opportunity to provide initial comments. SIFMA appreciates this foresight and would like to highlight some significant concerns for consideration. We would welcome the opportunity to meet with the NYDFS to further discuss these concerns prior to the rule proposal being issued.

As you know, SIFMA members take cybersecurity very seriously not only due to the significant regulatory requirements imposed by federal and state governments, but also because protecting client assets and information is paramount to gaining public trust and maintaining competitiveness in the industry. In other words, cybersecurity is not just a regulatory obligation but a critical component of any financial institution’s business strategy. Further the imposition of prescriptive regulatory requirements with little benefit to consumers, may cause companies to divert resources from proactively guarding against emergent threats to meeting prescriptive regulatory obligations. Maintaining principles-based requirements provides financial institutions with the groundwork needed to maintain a high level of cybersecurity.

 

1 The Securities Industry and Financial Markets Association (SIFMA) is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets. On behalf of our industry’s one million employees, we advocate on legislation, regulation and business policy affecting retail and institutional investors, equity and fixed income markets and related products and services. We serve as an industry coordinating body to promote fair and orderly markets, informed regulatory compliance, and efficient market operations and resiliency. We also provide a forum for industry policy and professional development. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.

2 See New York Department of Financial Services Pre-Proposed Outreach re: 23 NYCRR 500 Cyber Security Requirements for Financial Services Companies (July 29, 2022).