Cyber Security Regulations: Key to Managing Banking Industry Operational Risk?

March 30, 2017 Sydney Hogg

Managing the banking and finance segment for Schneider Electric has taken me around the world over the past few years, and no matter where I go, from Hong Kong to London, our clients are concerned about cyber security threats and operational risk management.  Government regulators are concerned as well, with many countries implementing their own policies and regulations for keeping banking data safe and buildings secure.  That’s why it was no surprise to hear about the policy implemented in New York State on March 1.

The State of New York Department of Financial Services put in place the nation’s first ‘risk-based’ insurance, banking and finance industry regulations to encourage financial services firms to stay in front of technology trends and advances, and they include some minimum standards and protections to prevent cyber breaches.  The legislation is intended to prevent cyber security breaches through protections including:

  • Controls relating to the governance framework for a robust cyber security program including requirements for a program that is adequately funded and staffed, overseen by qualified management, and reported on periodically to the most senior governing body of the organization;
  • Risk-based minimum standards for technology systems including access controls, data protection including encryption, and penetration testing;
  • Required minimum standards to help address any cyber breaches including an incident response plan, preservation of data to respond to such breaches, and notice to DFS of material events; and
  • Accountability by requiring identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance to DFS.


Secure bank buildings minimize operational risk.


Regulations alone won’t improve operational risk

These regulations acknowledge that it’s not just our data that’s at risk but that banks must also carefully manage access controls to thwart cyber-attacks and reduce operational risk.  For some larger banks that are already complying with global regulations, this new regulation is likely not a concern.  Other financial institutions may find themselves seeking the support of critical vendors and disaster recovery and cyber security experts.

While the implementation of regulations themselves may not help manage operational risk for these financial services companies, a solid plan and governance can.  At Schneider Electric, the cyber security of our products, systems and software is of critical importance.  We maintain in-house cyber security expertise and we work with the world’s top cyber security firms like McAfee, a part of Intel Security, to protect mission-critical communication and networking systems.  Beyond our products, we work with our banking and finance clients on their cyber security strategy to help secure everything from their intelligent building management systems to their data centers from both physical and virtual attacks.

So, while regulations alone won’t help the banking and finance industry manage operational risk, maintaining a solid cyber security strategy and working with vendors who maintain a state-of-the-art cyber security practice for their products, systems, and software will.
