On February 25, the Superintendent of the New York Department of Financial Services (“DFS”), Benjamin M. Lawsky, spoke at Columbia Law School regarding the increased role of states as regulators, especially in the case of emerging risks such as cybersecurity.  The speech, titled “Financial Federalism: The Catalytic Role of State Regulators in a Post-Financial Crisis World,” advocated for states to take into consideration initiatives at the federal level, without waiting for federal regulators to take the lead. Lawsky’s “financial federalism” broke down into three points of impact from DFS’s perspective: (1) Wall Street accountability in the wake of the financial crisis; (2) anti-money laundering efforts in the financial sector; and (3) strengthening cybersecurity in the financial markets.  Focusing on cybersecurity as an imminent threat in 2015, he highlighted three key initiatives taken by DFS:

  1. An overhaul of the procedures for regular examinations of banks and insurance companies to include targeted assessments of cybersecurity preparedness;
  2. Addressing the cybersecurity of third-party vendors; and
  3. Advocating for the use of multifactor authentication.

According to Lawsky, states like New York must play a “catalytic” role in improving national and international cybersecurity practices.  He sees New York as an “incubator[] for new approaches to vexing problems” and a potential leader in establishing heightened cybersecurity requirements through financial regulations.

Ultimately, these DFS initiatives in the cybersecurity area, together with the agency’s emphasis on the role of states as reformers, confirms that DFS will seek to take a proactive approach to implementing and enforcing cybersecurity standards.  DFS continues to serve as a regulatory leader and bellwether for institutional reforms in the consumer financial services space.