In response to the heightened cyber-security risk facing the financial services industry and other critical business sectors, FDIC and OCC issued an interagency statement on heightened cyber-security risk. The agencies issued this statement to remind supervised financial institutions of sound cyber-security risk management principles that can reduce the risk of a cyber-attack and minimize business disruptions.
These principles elaborate on standards articulated in the Interagency Guidelines Establishing Information Security Standards as well as resources provided by FFIEC, such as the Statement on Destructive Malware. While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption, and maintenance of the operations of an institution. The following are the key highlights of the statement:
- The Department of Homeland Security has indicated there is heightened risk of cyber-attack against U.S. targets because of increased geopolitical tension.
- The current environment provides an opportunity for banks to re-evaluate the adequacy of safeguards to protect against various types of cyber-security risk.
- The attached Heightened Cybersecurity Risk document highlights principles previously articulated by FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training.
- When banks apply cyber-security risk management principles and risk mitigation techniques, they reduce the risk of the success of a cyber attack and minimize the negative impacts of a disruptive and destructive cyber attack.
- Joint Statement
- Guidelines Establishing Information Security Programs
- FFIEC Cyber-Security Awareness Resources
Keywords: Americas, US, Banking, Cyber Risk, Cyber Attack, Business Continuity, Cyber Security, OCC, FDIC
BIS Innovation Hub published the work program for 2021, with focus on suptech and regtech, next-generation financial market infrastructure, central bank digital currencies, open finance, green finance, and cyber security.
In an article published by SRB, Mairead McGuinness, the European Commissioner for Financial Services, Financial Stability, and Capital Markets Union, discussed the progress and next steps toward completion of the Banking Union.
EBA finalized the two sets of draft regulatory technical standards on the identification of material risk-takers and on the classes of instruments used for remuneration under the Investment Firms Directive (IFD).
EC published, in the Official Journal of the European Union, a notification that the European Court of Auditors (ECA) has published a special report on resolution planning in the Single Resolution Mechanism.
BoE published a scenario against which it will be stress testing banks in 2021, in addition to setting out the key elements of the 2021 stress test, guidance on the 2021 stress test, and the variable paths for the 2021 stress test.
PRA published a consultation paper (CP3/21) proposes rules regarding the timing of identity verification required for eligibility of depositor protection under the Financial Services Compensation Scheme (FSCS).
FSB published the work program for 2021, which reflects a strategic shift in priorities in the COVID-19 environment.
FCA announced that 50% firms have started using the new data collection platform RegData, which is slated to replace the existing platform known Gabriel.
Bundesbank published Version 5.0 of the derivation rules for completeness check at the form level, with respect to the data quality of the European harmonized reporting system.
FED finalized a rule that updates capital planning requirements to reflect the new framework from 2019 that sorts large banks into categories, with requirements that are tailored to the risks of each category.