Financial institutions are facing an “urgent” threat of hacks and cyberattacks causing regulators to take a closer look at banks’ efforts to combat such concerns, the Federal Deposit Insurance Corporation (FDIC) Chairman recently cautioned.
At the American Banker Regulatory Symposium, FDIC Chairman Martin Gruenberg told attendees that the rise of cyberattacks targeting banks has triggered a need for regulators to assess the efforts of institutions to fight back or prevent such attacks.
Working in partnership with the Federal Financial Institutions Examination Council (FFIEC), the FDIC has developed a framework for conducting IT examinations to cover “a broad spectrum of technology, operational, and information security risks,” Gruenberg explained, featuring published standards, examination procedures, routine on-site inspections, and enforcement capability.
Because “Internet cyber threats have rapidly become the most urgent category of technological challenges facing our banks,” cybersecurity is no longer just an issue for the IT department, Chairman Gruenberg said. “Instead, it needs to be engaged at the very highest levels of corporate management.”
He noted that a new group formed by the FFIEC, the Cybersecurity and Critical Infrastructure Working Group – which liaises with the Department of Homeland Security – will soon release a report assessing the banking sector’s overall readiness to address a significant cyberthreat.
The FDIC’s own efforts to combat cyberthreats include a “Cyber Challenge” online resource with videos and a simulation exercise as well as the institution of a requirement that third-party technology service providers (TSP) update client financial institutions on any operational concerns the FDIC identifies at a TSP during an examination.
Given that cybersecurity “has become an issue of the highest importance not only at the FDIC, but for the FFIEC and its member agencies as well as the federal government as a whole,” Chairman Gruenberg said the FDIC “encourage[s] banks to practice responding to cyber threats as part of their regular disaster planning and business continuity exercises.”
To read the prepared remarks of Chairman Gruenberg, click here.
Why it matters: Chairman Gruenberg characterized the current economic period as one of transition, as banks continue to recover from the financial crisis by repairing balance sheets, building capital, and enhancing liquidity. “However, with these opportunities the industry will face new risk management challenges that will require the attention of their senior management and boards,” he added. Financial institutions should take note of the three areas of ongoing supervisory focus highlighted by the Chairman: in particular, the rising threat of cyberattacks and the need to engage the highest levels of corporate management on the issue. Case in point: JPMorgan Chase & Co. just revealed in a filing with the Securities and Exchange Commission that a cyberattack on the institution compromised information from 76 million households and 7 million small businesses, including names, addresses, phone numbers and e-mail addresses, as well as internal JPMorgan Chase information about the users – one of the largest corporate breaches reported to date.
