FSOC Cautions Industry About Cybersecurity Risks

Manatt, Phelps & Phillips, LLP

Cybersecurity threats are the biggest challenge facing the financial services industry, the Financial Stability Oversight Council (FSOC) declared in its annual report, calling on federal regulators to ensure that banks are taking appropriate steps to protect their businesses.

What happened

Established by the Dodd-Frank Wall Street Reform and Consumer Protection Act, the FSOC is made up of representatives from each of the federal financial regulators. As in prior years, the report highlighted the major risks currently facing financial institutions.

At the top of the list: cybersecurity. The threat of cyber incidents continues to grow, the FSOC cautioned, and federal regulators need to ensure that the industry is taking all necessary precautions. To improve safety and mitigate risks, the report posits several suggestions.

Emphasizing “the necessity of sustained senior-level attention” to cybersecurity risks, the FSOC recommended the creation of a council of senior executives specifically focused on cybersecurity. This council could address ways that cyber incidents could impact business operations and market functioning, liaise with principal-level government counterparts on cybersecurity issues, identify specific vulnerabilities in the financial sector’s ability to provide critical products and services, and propose standards for cybersecurity and operational resistance, the report notes.

Information sharing across the private and public sectors can also help with operational risks, the FSOC said. “Sharing cybersecurity information, including ‘indicators’ of potential threats, can have a number of security benefits,” the report explains. “For example, one type of indicator can be used to reduce the time needed to discover that a compromise has occurred so that further damage can be avoided. Another can block attacks using known malware.”

Appropriate standards need to be in place for financial institutions, with the FSOC recommending use of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. “Baseline protections aid in the establishment of cybersecurity risk management programs to increase situational awareness, elevate cyber-risk governance practices, and reduce supply-chain risk,” the report states.

Adding even more value, use of the NIST framework will help establish a “common lexicon” among financial institutions for discussing cybersecurity issues, both in the United States and with international counterparts, the FSOC said.

Not surprisingly, the FSOC spilled some ink on third-party service providers, urging banks to include such entities, as well as any vendor contracts, in their cybersecurity plans and policies. The report “encourages additional collaboration between government and industry on addressing cybersecurity risk related to third-party service providers, including an effort to promote the use of appropriately tailored contracting language.”

Cybersecurity is not the only topic addressed in the report, which also discusses developments in the industry. While praising the benefits of innovation (reducing transaction costs and increasing credit availability, for example), the FSOC warned that new applications of technology “can be disruptive and can create risks and vulnerabilities that are difficult to anticipate.” In light of these uncertainties, the FSOC urged financial regulators “to continue to identify and study new products and services in order to understand how they are used and can be misused, monitor how they affect consumers, regulated entities, and financial markets, and coordinate regulatory approaches, as appropriate.”

Specifically referencing virtual currencies, distributed ledger technologies and marketplace lending, the report notes that federal regulators “should also evaluate the potential effects of new products and services on financial stability, including operational risk.”

To read the FSOC’s 2017 report, click here.

Why it matters

The federal banking regulators underscored the cybersecurity risks facing the industry and offered several suggestions to help mitigate those risks and improve safety for financial institutions.
