Regulators Call For Better Bank Cybersecurity Oversight

Regulators Want To Streamline Cybersecurity Oversight For U.S. Banks

U.S. regulators are saying cyberattacks pose the greatest risk to U.S. banks in upcoming years, but the regulation and testing processes are convoluted and complicated for institutions in both spaces to assess, according to a report by the Financial Times.

Several regulators want to come up with a multi-agency cybersecurity approach that tests banks in a coordinated way. Right now, different regulators look at different pieces of the same bank. This means banks have to deal with numerous questions from different regulators who aren’t potentially seeing the big picture of the bank’s cyber weaknesses.

Regulators say cyberattacks could cause havoc to financial systems, crashing payment systems, exposing confidential customer data and generally posing a threat to the banking industry, which relies much more heavily on data than it used to.

When examining a bank’s credit risks, regulators take a cooperative approach that involves the Federal Reserve, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency, which work under the Shared National Credit Review. Cybersecurity regulators want a similar approach.

“At the moment banks face thousands of questions from multiple regulators every year,” a person with knowledge of the matter told the news outlet. “Under the new plans this would come down to hundreds, and because the regulators are putting their heads together, the new tests are likely to be more stringent too.”

Many regulators are saying that since many banks have shored up capital reserves and reduced risks since the financial crash, that cyber threats are the most significant risk to financial institutions.

JPMorgan Chase CEO Jamie Dimon said all of the different testing from multiple agencies makes it “very complicated” to comply with requests.

Many regulators as well as high-ranking officials in the industry are asking for a new way to do things.

“There are going to be hacks. The real question is how quickly you can identify and isolate the problem, and then recover the data,” one official said.