North American regulators have unveiled a new cybersecurity standard to bolster the ability of the country’s largest banks to withstand a major cyberattack, a move aimed at protecting the US financial system.
The plan, released jointly by the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency, would strengthen the way agencies oversee how large US banks and foreign banks operating in the US with $50 billion or more in assets manage and address threats to cybersecurity, according to the WSJ.
“It’s kind of remarkable to sit and think that in the course of just a generation… we’ve gone from a situation where institutions had no dependence on IT to … [what] feels like an utter dependence on IT,” said Richard Cordray, head of the Consumer Financial Protection Bureau and a member of the FDIC board, at a meeting to discuss the proposal.
The draft plan would impose the toughest restrictions on firms considered to pose the greatest risk to the financial system. Those firms would have to prove they can get their core operations running within two hours of a cyberattack or major IT failure. The new rules also would apply to nonbank financial companies deemed systemically risky by a panel of regulators headed by Treasury Secretary Jacob Lew.
Regulators have been wrestling with how to shield financial firms from increasing cybercrimes following a series of attacks that have cost the industry billions of dollars and have shaken American consumers’ confidence.
The draft plan is aimed at “increasing their operational resilience and reducing the impact on the financial system of a cyber event experienced by one of these entities,” FDIC Chairman Martin Gruenberg said at the board meeting.
The proposed standards would require financial firms to develop and maintain a cybersecurity risk management plan approved by their boards and incorporated into their business strategies. They also would require banks to use the cyberdefenses in their business units and incorporate them into company audits.
Under the proposal, institutions also would be required to establish and implement a plan that would allow them to continue to perform core business functions during a cyberattack.
The post Regulators increase cybersecurity standards at biggest banks appeared first on Payments Cards & Mobile.