In response to the heightened cyber-security risk facing the financial services industry and other critical business sectors, FDIC and OCC issued an interagency statement on heightened cyber-security risk. The agencies issued this statement to remind supervised financial institutions of sound cyber-security risk management principles that can reduce the risk of a cyber-attack and minimize business disruptions.
These principles elaborate on standards articulated in the Interagency Guidelines Establishing Information Security Standards as well as resources provided by FFIEC, such as the Statement on Destructive Malware. While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption, and maintenance of the operations of an institution. The following are the key highlights of the statement:
- The Department of Homeland Security has indicated there is heightened risk of cyber-attack against U.S. targets because of increased geopolitical tension.
- The current environment provides an opportunity for banks to re-evaluate the adequacy of safeguards to protect against various types of cyber-security risk.
- The attached Heightened Cybersecurity Risk document highlights principles previously articulated by FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training.
- When banks apply cyber-security risk management principles and risk mitigation techniques, they reduce the risk of the success of a cyber attack and minimize the negative impacts of a disruptive and destructive cyber attack.
- Joint Statement
- Guidelines Establishing Information Security Programs
- FFIEC Cyber-Security Awareness Resources
Keywords: Americas, US, Banking, Cyber Risk, Cyber Attack, Business Continuity, Cyber Security, OCC, FDIC
IAIS published technical specifications, questionnaires, and templates for 2020 Insurance Capital Standard (ICS) and Aggregation Method data collections.
BIS announced that it will establish new Innovation Hub centers across Europe and in North America in cooperation with member central banks.
FED updated the reporting form for FR 2052a, which is used to monitor the overall liquidity profile of certain supervised institutions.
PRA published a statement that sets out its views on certain amendments made to Capital Requirements Regulations (CRR and CRR2) via EU Regulation 2020/873 (CRR "Quick Fix"), including some guidance for firms.
The Climate Financial Risk Forum (CFRF), which is a joint climate risk forum of FCA and PRA, published a guide written by the industry for the industry to help firms approach and address climate-related financial risks.
IAIS published an application paper on liquidity risk management for insurers.
EBA published its response to the EC consultation on a new Digital Finance Strategy for Europe.
EIOPA responded to the EC consultation on a new digital finance strategy for Europe.
ESMA published its response to the EC consultation on the new digital finance strategy for EU.
FSB published, for consultation, a report on evaluation of the too-big-to-fail (TBTF) reforms for systemically important banks.