Regulators aim to strengthen industry’s cyber defenses
Federal regulators are looking to set up new standards for big banks’ planning and testing for possible cyberattacks. The aim is to bolster the banking industry’s defenses amid concern over periodic security breaches at U.S. banks.
The move announced Wednesday by the Federal Reserve, the Federal Deposit Insurance Corp. and a Treasury Department banking agency is designed to get banks’ senior executives and directors to pay closer attention to cybersecurity, agency officials said.
Fed Chair Janet Yellen has said that cybercrime is a “very significant threat.”
The proposal, open to public comment for three months, would apply to banks with $50 billion or more in assets. That would affect several dozen major banks and a few big insurance companies, all deemed to be so interconnected with the financial system that a cyberattack against one of them could shake the system’s stability.
In a stunning incident early this year, hackers diverted $101 million from the Bangladesh central bank’s account at the New York Federal Reserve.
The theft amplified worries about the security of the SWIFT global moneytransfer system, which is overseen by the Fed and other central banks. Belgium-based SWIFT, formally the Society for Worldwide Interbank Financial Telecommunication, is a cooperative that manages the international transfer system among banks. The hackers in the Bangladesh bank case apparently got the money by stealing the central bank’s SWIFT access codes.
The rules proposed by the three agencies would pile on a second set of stricter standards for big banks’ computer systems that are considered critical to the functioning of the financial industry.
The banks should establish goals for how long it would take them to recover from a cyberattack, and should assess the potential for malware or corrupted data to spread through connected computer systems, the regulators said.
The proposal doesn’t require the banks to submit their cybersecurity plans for approval or to notify the regulators if they suffer a data breach.