FDIC and OCC Issue Statement on Heightened Cyber Security Risk
In response to the heightened cyber-security risk facing the financial services industry and other critical business sectors, FDIC and OCC issued an interagency statement on heightened cyber-security risk. The agencies issued this statement to remind supervised financial institutions of sound cyber-security risk management principles that can reduce the risk of a cyber-attack and minimize business disruptions.
These principles elaborate on standards articulated in the Interagency Guidelines Establishing Information Security Standards as well as resources provided by FFIEC, such as the Statement on Destructive Malware. While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption, and maintenance of the operations of an institution. The following are the key highlights of the statement:
- The Department of Homeland Security has indicated there is heightened risk of cyber-attack against U.S. targets because of increased geopolitical tension.
- The current environment provides an opportunity for banks to re-evaluate the adequacy of safeguards to protect against various types of cyber-security risk.
- The attached Heightened Cybersecurity Risk document highlights principles previously articulated by FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training.
- When banks apply cyber-security risk management principles and risk mitigation techniques, they reduce the risk of the success of a cyber attack and minimize the negative impacts of a disruptive and destructive cyber attack.
Related Links
- Notification
- Joint Statement
- Guidelines Establishing Information Security Programs
- FFIEC Cyber-Security Awareness Resources
Keywords: Americas, US, Banking, Cyber Risk, Cyber Attack, Business Continuity, Cyber Security, OCC, FDIC
Related Articles
EC Consults on PSD2 and Open Finance; EU Reaches Agreement on DORA
The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.
EC Mandates ESAs to Propose Amendments to SFDR Technical Standards
The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.
EBA Examines Supervisory Practices, Issues Deposits Reporting Template
The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),
US Agency Publications Address Basel, Reporting, and CECL Developments
The Farm Credit Administration published, in the Federal Register, the final rule on implementation of the Current Expected Credit Losses (CECL) methodology for allowances
SEC Extends Comment Period on Climate Risk Disclosures
The U.S. Securities and Exchange Commission (SEC) looks set to intensify focus on crypto-assets and cyber risk and extended the comment period on the proposed rules to enhance and standardize climate-related disclosures for investors.
APRA Reduces Committed Liquidity Facility, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility and issued an update on the operational preparedness for zero and negative market interest rates.
CMF Consults on Basel Rules, Presents Roadmap to Address Climate Risks
The Commission for the Financial Market (CMF) in Chile published capital adequacy ratios (as of February 2022, January 2022, and December 2021) for 17 banks and for the banking system.
PRA Issues Statement on NPEs and Policy on Trading Activity Wind-Down
The Prudential Regulation Authority (PRA) issued a statement on the European Banking Authority (EBA) guidelines on management of non-performing exposures (NPEs) and forborne exposures.
EBA Updates Standards for 2023 Benchmarking of Internal Approaches
The European Banking Authority (EBA) updated the implementing technical standards that specify the data collection for the 2023 supervisory benchmarking exercise in relation to the internal approaches used in market risk, credit risk, and IFRS 9 accounting.
EIOPA Responds to Stakeholder Views on Blockchain in Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published a feedback statement on the responses received to the consultation on blockchain and smart contracts in insurance.