New York presses rules to shield banks from online attacks
Published 7:06 pm Tuesday, December 20, 2016
ALBANY — As concerns deepen over the potential for cyberattacks, the Cuomo administration wants to cast New York as a national leader by shoring up the defenses of the state’s banks against terrorist and criminal hackers.
But a complex set of rules aimed at improving online security is being met with cries that the regulations are too onerous and veer too widely from federal requirements.
In announcing the push last October, Gov. Andrew Cuomo said tighter rules would make New York the first state to button up cyber defenses for financial institutions including banks, mortgage lenders and property title firms.
Hackers must be stopped, agreed James Bopp, treasurer of the state Association of Mortgage Bankers. But he said the state should pause until federal regulators finish refining their own rules, also intended to improve the security of bank accounts and transactions.
“If national security is at stake, then we need a national response to fight this war,” he told state lawmakers at a Banking Committee hearing this week.
Questions about the security of money moving about the world have swirled since February, when thieves siphoned $81 million from the Central Bank of Bangladesh by tricking computer systems at the Federal Reserve Bank of New York. The heist was made through a widely-used transaction system.
Any number of hacks, not necessarily related to banking, have fueled interest in precautionary steps. Just last week Yahoo acknowledged a data theft that resulted in the compromise of more than a billion accounts.
Still more concerns about hacking were raised when intelligence agencies said the Russian government tried to tilt the November election in favor of President-elect Donald Trump. U.S. Sen. Chuck Schumer, D-N.Y., is among those calling for a probe into hacking not only by Russia but also Iran and China.
The state’s Department of Financial Services circulated draft rules for banks and financial institutions last fall, and it has since gotten more than 150 comments, many of them suggesting the state avoid a one-size-fits-all approach.
Robert Treuber, vice president of the New York State Land Title Association – which represents title insurance agents, land surveyors and abstract companies – said the proposal for that industry could create more problems than it solves.
“Regulations that sap resources and complicate business operations without providing clear benefits to the people of New York may lead to a dilution of New York’s status as a secure marketplace,” he said.
James Whalen, a lawyer at Pioneer Bank, based in the Albany region, said the rules could create a “false impression” that New York’s small banks are less secure than larger ones that are federally chartered.
The state wants financial institutions to establish a computer security program and designate “chief information security officers” to oversee those policies.
The Department of Financial Services said it sought the input of nearly 200 banks and insurance firms to shape what Financial Services Superintendent Maria Vullo calls “groundbreaking” rules.
Set to take effect next month, the rules make New York the first state to enforce minimum cyber security standards.
A spokesman for the department, Richard Loconte, said the agency is still wading through comments, though he declined to say if the rules could be redrafted.
However, influential Sen. Jim Seward, R-Otsego County, chairman of the Senate Insurance Committee, said the critics are apparently getting to the government, as a number of edits to the rules are in the offing.
Seward said the state’s “overreaching” with new rules could be expensive, especially for smaller banks. He’s also concerned that much of the data stored by insurers will be centralized, creating a new target for online criminals.
“What if that gets hacked?” he asked. “They would have access to everything.”
The timing of the rules is key, given growing threats and concerns that the incoming Trump administration may opt to relax federal rules rather than enact new ones, said Assemblyman David Weprin, D-Queens, a member of the Banking Committee.
“We have to worry about protecting New York state’s banks and New York state’s citizens,” he said in an interview. “I don’t think we should take the position that we should wait for the federal government when there is so much uncertainty there.”
Exempted from some of the proposed rules would be banks with fewer than 1,000 customers or gross revenue of less than $5 million per year. The president of the New York Bankers Association, Michael P. Smith, said only a small number of banks fall into that category.
“We believe that the proposal, as written, will result in several serious unintended consequences that will hamper efforts to protect the public and may defy its purpose of preventing cyber attacks,” Smith said in written comments to state regulators.
He urged that state rules be consistent with the federal approach.
Critics of the proposal have found a sympathetic ear in Assemblyman James Tedisco, R-Saratoga, who said he is concerned about the possibility of higher fees for those getting loans or opening other accounts.
“We could always weigh in and do something legislatively if this gets out of hand,” he said.
Joe Mahoney covers the New York Statehouse for CNHI’s newspapers and websites. Reach him at jmahoney@cnhi.com