The New York Department of Financial Services (NYDFS) implemented Cybersecurity Requirements for Financial Services Companies with the goal of protecting New York financial service institutions and their customers from cyber-threats. This unprecedented rule covers entities who fall under the authority of the NYDFS, including banks, insurance companies and financial service institutions with limited exemptions based on employee and asset size. Although the rules are effective on March 1^st, there is a transitional period ranging from 180 days to 2 years for the regulatory requirements.

Building a culture of compliance within your institution can be difficult, but it's one of the most important things you can do to ensure your Enterprise Risk Management program is comprehensive, effective, and efficient.

Every month since December, we have hosted a webinar focused on giving our clients and prospects a ton of information about the changes happening to our Information Technology module. We have covered the common controls framework that manages how often you have to input a specific control that spans all technologies. We have showed off our contextual questionnaires that cut down the number of questions your team has to answer for each risk assessment, so they only have to fill out what's relevant to that technology. We've also showed you how to map your controls to your threats, to ensure that you identify any gaps you may currently have in your system, to quickly and easily remediate them.

Every year, the American Bankers Association hosts their ABA Risk Management Conference, focused on the evolution of risk in the financial industry, and the methods used to help analyze and control them within your institution. This year promises to be no different, with over 30 strategic and practical sessions built into the three day conference to help parse through some of the biggest upcoming changes we are likely to encounter.

On March 7th at 11am PST (2pm EST), Mike Cohn, Director of the WolfPAC Solutions Group will be presenting a webinar hosted by Western Independent Bankers:

Last month, the Western Independent Bankers (WIB) hosted the first in a three part Enterprise Risk Management webinar series with Randy Marsicano presenting on the Keys to an Effective ERM program. On February 15^th, Drew Coveney, CIA and Internal Audit Supervisor for Wolf & Company will be presenting the second installment:

Last week, Bharat Nair and Manny Centeio hosted a webinar about the new evolution of the WolfPAC IT Risk Assessment module. During the webinar, Manny walked through many of the administrative functions that cover every IT assessment. Part of this demonstration showed you how to utilize the robust common control framework built into the system. This means that the controls implemented across every technology are only input once, and no longer have to be entered for each individual assessment.

Starting on January 1^st, New York chartered and regulated bank and nonbank institutions will be required to implement and maintain a Transaction Monitoring Program and a Watch List Filtering Program. The purpose of these programs will be to monitor and filter transactions for potential violations to the Bank Secrecy Act (BSA) or Anti-Money Laundering (AML) regulations. This will also work to prevent transactions with sanctions entities.

The American Bankers Association had an interesting chart in their ABA Banking Journal last month, highlighting the Top 6 Risks Expected for 2017. Similar to the predictions we made in our article 10 Financial Industry Trends You Cannot Ignore, Cybersecurity has reached the top of the list, growing 4% from last year’s 66%.

Last month at our 2016 User Conference, Bharat Nair spoke about some exciting changes in the works for our Information Technology Risk Assessment solution. Changes like the new contextual questionnaire format will allow you and your team to complete risk assessments for technologies in just a fraction of the time you normally spend. The new threat and control architecture helps you think strategically about activities you may be missing, while streamlining the documentation within the system with common controls. Built with multi-framework and multi-industry support, we have created a module that delivers both efficiency and strategy in a whole new way.