The New York State Department of Financial Services (NYDFS) has issued new cybersecurity guidance on how financial services firms should manage cybersecurity risks associated with third-party service providers (TPSPs).
Editorial
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
The new guidance comes as FS firms’ reliance on technologies managed by third parties (such as cloud computing, file transfer systems, AI, and other fintech offerings) increases.
“The growing scale and complexity of cyber risks posed by TPSPs demands a proactive, risk-based, and continuously adaptive approach to third-party governance,” says the watchdog in a letter to entities that it regulates.
The NYDFS says that it has identified the need for more robust due diligence, contractual provisions, monitoring and oversight, and TPSP risk management policies and procedures. Some firms, it notes, are outsourcing critical cybersecurity compliance obligations to third parties without ensuring appropriate oversight and verification.
While the latest guidance doesn’t impose new requirements or obligations, it is intended to “clarify regulatory requirements” and share best practices.
Says acting Superintendent Kaitlin Asrow: “While third-party service providers have driven innovation and enabled significant efficiencies in our financial system, regulated entities are still ultimately accountable for protecting consumers and managing risk.
To ensure the safe and secure operation of financial services and the protection of nonpublic information, entities must establish and maintain appropriate internal risk management controls when using third-party service providers.”