Keyes Security Blog

The New York Department of Financial Services sent out several guidance letters to industries in response to COVID-19.

The "Guidance to Department of Financial Services (“DFS”) Regulated Institutions Engaged in Virtual Currency Business Activity and Request for Assurance Relating to Operational and Financial Risk Arising from the Outbreak of the Novel Coronavirus (COVID-19)" addresses operational and financial risks that the state of NY seeks to assess from industries operating in the state.

NY is asking businesses to devise a plan and submit a letter of assurance containing the following at a minimum:

  1. Preventative measures tailored to the institution’s specific profile and operations to mitigate the risk of operational disruption, which should include identifying the impact on customers, and counterparts;
  2. A documented strategy addressing the impact of the outbreak in stages, so that the entity’s efforts can be appropriately scaled, consistent with the effects of a particular stage of the outbreak;
  3. Assessment of all facilities, systems, policies and procedures necessary to continue critical operations and services if members of the staff are unavailable for longer periods or are working off-site, including the effectiveness and security of remote access;
  4. An assessment of potential increased risk of cyber-attacks and fraud due to an outbreak;
  5. Employee protection strategies, critical to sustaining an adequate workforce during the outbreak, including employee awareness and steps that employees can take to reduce the likelihood of contracting COVID-19;
  6. Assessment of the preparedness of critical third-party service providers and suppliers;
  7. Development of a communication plan to effectively communicate with customers, counterparties and the public, and to deliver important news and instructions to employees, along with establishing forums for questions to be asked and addressed;
  8. Testing the plan to ensure its policies, processes and procedures are effective; and
  9. Governance and oversight of the plan, including identifying the critical members of a response team, to ensure ongoing review and updates to the plan, including the tracking of relevant information from government sources and the institution’s own monitoring program.

In addition to operational risks, business risk management plans in response to coronavirus should incorporate the following financial concerns:

  1. Assessment of the valuation of assets and investments that may be, or have been, impacted by COVID-19;
  2. Assessment of the overall impact of COVID-19 on the earnings, profits, capital, and liquidity of your institutions; and
  3. Assessment of reasonable and prudent steps to assist those adversely impacted by COVID-19.  See DFS Guidance to New York State Regulated Banks, Credit Unions and Licensed Lenders Regarding Support for Businesses Impacted by the Novel Coronavirus.

Specifically, the guidance addresses the risk to virtual currency businesses during this time.

Businesses face a very real threat of bad actors attempting to take advantage of the disruption to operations and the dispersion of personnel working remotely. If you or your business needs assistance maintaining your cybersecurity posture during this crisis, the Keyes Security team is ready to provide you with professional consulting and vulnerability management.