Cybersecurity Panel Discussion Featuring GroupSense CEO Kurtis Minder
NYLIB hosted a Cybersecurity Panel Discussion at the St. Cloud Rooftop at The Knickerbocker Hotel on March 31, 2022. The event was attended by a number of our colleagues from the banking and finance community as well as C-suite executive information officers. We were also joined by our friends at Pryor Cashman LLP.
NYLIB’s Cybersecurity Panel Discussion last Thursday, March 31 at the St. Cloud Rooftop Bar was a tremendous success.
Keynote Speaker
Our keynote speaker, GroupSense CEO Kurtis Minder, delivered a presentation that was filled with useful information on topics such as the steps that banks can take to prevent cyberattacks, the importance of reviewing cybersecurity insurance policies and lining up cybersecurity and legal professionals in advance of an attack, and the need to print out hard copies of important electronic documents, such as incident response plans, so that a ransomware attack does not render them inaccessible at exactly the wrong time. Mr. Minder also touched on techniques for negotiating with ransomware attackers and the importance of letting an experienced professional handle such negotiations. Mr. Minder, who earlier on Thursday had testified before the Senate Committee on Homeland Security, was profiled last year in a New Yorker article entitled “How to Negotiate with Ransomware Hackers.”
Regulatory Panelists
Our regulatory panel was capably moderated by John Verry of PivotPoint Security. We were honored that Jessica Kaemingk (Deputy Regional Director, FDIC), Jason Kang (National Bank Examiner and Bank Information Technology Specialist, OCC), and Danny Brando (Financial Institution Cybersecurity Policy Department Head, Supervision Group, Federal Reserve Bank of New York) joined us via Zoom. And we were both honored and delighted that Justin Herring (Executive Deputy Superintendent Cybersecurity Division, NYSDFS) was able to join us in person.
Key Takeaways
The regulators, who each spoke in their personal rather than official capacities, provided information and pointed to guidance regarding threats arising from the current geopolitical situation. They emphasized the importance of robust incident response and business continuity plans that specifically address cybersecurity risks and disruptions. They further emphasized that banks should account for the possibility of disruptions to third-party service providers in their business continuity plans. They commented on the importance of a strong board-level commitment to cybersecurity, as well as ways that chief information security officers (CISOs) and other cybersecurity professionals can engage bank boards on the critical topic of cybersecurity.
Considerations for Banks & Financial Institutions
The federal regulators spoke regarding the impetus for the new federal interagency rule requiring banks to promptly report computer-security incidents reaching a certain materiality threshold to regulators and requiring bank service providers to do the same with respect to banks. They commented on the materiality standard under the new rule, and Mr. Herring also provided valuable insights regarding the standard for materiality under the New York State Department of Financial Services’ Part 500.
Here’s a word from Ed Lutz, the President of the New York League of Independent Bankers (NYLIB).
“In short, this was absolute ‘Must See TV’ for the community and foreign bankers. Kurtis Minder’s presentation was on point, and John Verry did a spectacular job moderating the regulatory panel.”
Here’s a word from Pinchus Raice, the co-founder and a Board Member of NYLIB, as well as a partner and co-chair of the Financial Institutions practice group at Pryor Cashman LLP.
“NYLIB greatly appreciates the participation and insights from our regulators on what is truly the topic du jour given the surge in ransomware cyberattacks in 2021 and the current risk of state-sponsored Russian cyberattacks on U.S. financial institutions in retaliation for U.S. support for Ukrainian sovereignty and independence.”
Upcoming Events
The NYLIB team is thrilled that we were able to provide an opportunity to bring our colleagues together to explore key issues of importance to members of the banking industry. Our organization’s mission is to provide a forum for networking and education.
As we continue planning events and meetings, NYLIB is open to any suggestions on topics or issues that are of interest to the community and foreign banks in the tri-state area. Don’t forget to subscribe to our mailing list below, to stay informed on news and upcoming events.
Previous Events
2017 Summer Meeting Featuring FDIC Examination Specialist
On Wednesday, August 9, 2017, the New York League of Independent Bankers (NYLIB) held their Summer 2017 Meeting. The evening featured Michael Flynn, an Information Technology Examination Specialist in the FDIC’s Boston Area Office, who discussed the cybersecurity risks and challenges currently facing the banking industry. Mr. Flynn has been with the FDIC for 24 years and began as a Field Examiner in the former Holyoke, MA, Field Office. Over the past five years, he has focused primarily on supervising technology risks at large, complex, and problem banks and technology service providers.
Mr. Flynn’s presentation highlighted the increasing and inherent risk due to the banking industry’s ever-growing dependence on technology. Mr. Flynn identified specific technology, organization, human, and physical risks to financial institutions, and ways that institutions could minimize those risks, conceding that cybersecurity attacks were a “matter of when, not if.” He stressed that institutions were responsible not only for minimizing the possibility of such attacks, but for implementing a plan to deal with their aftermath. Mr. Flynn emphasized that the FDIC’s focus in examining institutions’ IT and cybersecurity would be on their preparedness and risk mitigation efforts.
Mr. Flynn took numerous questions from those in attendance both during and after his presentation. For example:
One attendee asked how to deal with the possibility of cybersecurity attacks on third-party vendors and core service providers. Mr. Flynn explained, in response, that financial institutions could outsource tasks but not the responsibility, and that they needed to provide sufficient oversight of third-party vendors and the vendors’ systems.
Another attendee asked whether New York State’s new cybersecurity regulations (Part 500) were more stringent than federal regulations and, therefore, whether banks could put off implementing more aggressive systems until a New York State examination year. Mr. Flynn stated that the fact that the FDIC did not have regulations paralleling Part 500 did not mean that the FDIC held banks to a lower level of cybersecurity. Instead, he explained that he believed cybersecurity issues could be tied back to safety and soundness and that the FDIC expected cybersecurity diligence equivalent to that required under Part 500. Mr. Flynn added that the federal banking regulators continue to discuss and review issuing cybersecurity regulations, but that he did not know if, or when, these regulations would be passed.
Thank you to Mr. Flynn for coming to speak with the NYLIB community!
2017 Spring Banking Conference
NYLIB held a Banking Conference on May 12, 2017 at the TKP New York Conference Center. The conference discussed important topics affecting community bankers in the tri-state area and featured multiple notable speakers including:
Meera Joshi, NYC Taxi & Limousine Commission Chairwoman. Ms. Joshi has been intimately involved in New York’s for-hire transportation services for over a decade, serving as General Counsel and Deputy Commissioner of Legal Affairs at the Commission prior to becoming its Chairwoman in 2014. Chairwoman Joshi discussed the current state of the New York taxi cab medallion market and its effect on community banking institutions, as well as potential efforts to improve the for-hire car industry in New York City.
Judy Selby, Senior Advisor at Hanover Stone Partners and former National Lead of Cyber Insurance & Data Privacy at BDO Consulting. Ms. Selby has been hailed as “one of the premier voices in legal technology” by Legaltech News, and consults with clients on cyber insurance, cybersecurity, information governance, data privacy and complex insurance matters. Ms. Selby presented on New York’s recently adopted cybersecurity regulation, Part 500, giving advice about how bankers might approach compliance with the rule, and manage risks related to the same.
Jeffrey Alberts, Partner and Co-Head of Pryor Cashman LLP’s Financial Institutions Group and former Assistant United States Attorney for the Southern District of New York. Mr. Alberts’ practice focuses on government investigations and related regulatory proceedings, asset-forfeiture litigation, victims’ rights representation, and complex civil and commercial litigation.
Asaad Faquir, Director of Compliance at RSK Compliance Solutions. Mr. Faquir has a wide range of experience in regulatory compliance, business process improvement, and risk management in the banking and finance industry, and is an active compliance educator and trainer through a variety of outlets, including the RSKonnect Webinar Series, BankWebinars.com, and Atlantic Community Bankers Bank (ACBB) “Compliance Anchor.”
Mr. Alberts and Mr. Faquir shared an in-depth look into New York’s recently adopted transaction monitoring and filtering regulation, Part 504, and set forth potential solutions for compliance with the regulation from both legal and compliance perspectives.
Prashant Nisar, Senior Manager in Grant Thornton’s New York Financial Services Audit Practice. Mr. Nisar has over 12 years of public accounting experience, and advises on a variety of topics including complex accounting, audit quality, internal control over financial reporting, and risk management. Mr. Nisar provided an update concerning emerging issues in FASB, AICPA, and GAAP accounting.
Senator Jesse Hamilton, New York State Senator and Chair of the Senate Banks Committee. Prior to his tenure as State Senator, Senator Hamilton spent 28 years with the New York City Department of Finance and served as Vice President of Community Board 8 in Crown Heights, Brooklyn for seven years. Senator Hamilton presented an overview of current banking-related legislative initiatives, and then opened himself up for questions from NYLIB’s members, who were able to engage in dialogue with the Senator on important issues affecting New York’s community banks.
Thank you to BDO for sponsoring this event, as well as all those who spoke or were in attendance, for making NYLIB’s First Annual Conference a huge success!