Comptroller Curry Alerts Banks to Increasing Risks from Cyberattacks


Comptroller of the Currency, Thomas J. Curry, made a speech at the Exchequer Club in Washington, D.C. on September 18, 2013 in which he discussed the increasing risks to banks and the financial system from the growing sophistication and frequency of cyberattacks.  The Comptroller pointed out that hackers now can conduct their activity from almost any location and the cost of the tools used by hackers “has dropped precipitously” and sometimes can be obtained without any cost.  At the same time, the operational risks to banks are increasing, said the Comptroller, because banks are increasing their reliance on technology and telecommunications and because banks’ systems are often interconnected, directly or through third-party vendors and servicers.  The Comptroller noted that there is every reason to think that these risks will continue to increase as banks are today “leveraging cloud computing, social media, mobile banking, and new payment solutions and it is impossible to guess what opportunities technology will bring ten years from now.”  The Comptroller also suggested that as the largest banking institutions strengthen their defenses against cyberattacks, hackers may increasingly focus attacks on community banks.

Comptroller Curry stressed the importance to banks that their respective boards and senior management understand the risks posed by cyberattacks and “set the right tone at the top” to inculcate risk management into the culture at their banks.  He also stressed that, to address cybersecurity compliance effectively, banks need to communicate with each other, their regulators and other relevant government agencies.  As an example of how bank regulators are working collectively to consider cybersecurity issues, Comptroller Curry stated that, in his capacity as Chairman of the Federal Financial Institutions Examination Council (“FFIEC”), he has appointed an FFIEC Cybersecurity and Critical Infrastructure Working Group that “is already meeting with intelligence, law enforcement, and homeland security officials” to consider “how best to implement appropriate aspects of the President’s Executive Order on Cybersecurity, as well as how to address the recommendations of the Financial Stability Oversight Council.”

IRS Circular 230 Disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. tax advice contained in this informational piece (including any attachments) is not intended or written to be used, and may not be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Goodwin | Attorney Advertising

Written by:


Goodwin on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.