Federal and state agencies charged with regulating the nation’s banks are pulling out the stops to ensure that financial institutions are equipped to handle cyberthreats.
At New York’s Department of Financial Services, plans are underway to boost training for bank examiners, and the department plans to hire several professionals who “have more of a cyberbackground than the average examiner,” department Superintendent Benjamin Lawsky told The Wall Street Journal.
In Illinois, the state’s Department of Financial and Professional Regulation offers examiners training courses on a variety of IT- and cyber-related topics, including network security and corporate account takeovers, the WSJ also noted. A corporate account takeover is a type of fraud in which cyberthieves steal employees’ sensitive credentials and use that information to hijack corporate systems and carry out fraudulent transactions.
Federal regulators are taking similar measures.
The Federal Deposit Insurance Corp. requires all new examiners to take cybersecurity courses. Examiners receive an introduction to security, where they learn about cyberthreats such as spoofing attacks and text-message malware. The Federal Reserve is also training front-line examiners to bolster their IT expertise.
Speaking at the American Banker Regulatory Symposium in September, FDIC Chairman Martin Gruenberg said that “the FDIC has developed a framework for conducting IT examinations that covers a broad spectrum of technology, operational, and information security risks.” That framework includes “published standards, examination procedures, routine on-site inspections and enforcement capability.”
Starting this year, the agency is requiring third-party technology service providers (TSPs) to inform the banks they serve of any operational issues the FDIC identifies during examinations.
Through its Cyber Challenge, the FDIC helps community banks assess their cybersecurity preparedness using videos, simulation exercises and online resources.
“In an increasingly interconnected banking environment, Internet cyberthreats have rapidly become the most urgent category of technological challenges facing our banks,” Gruenberg said. “The large number and sophistication of cyberattacks directed at financial institutions in recent years requires a shift in thinking. Cybersecurity is no longer just an issue for the IT department. Instead, it needs to be engaged at the very highest levels of corporate management.”
The revelation this summer of a massive data breach at JPMorgan Chase that affected 76 million households has spurred ongoing efforts to boost cybersecurity among the nation’s financial institutions.
On Wednesday, the Conference of State Bank Supervisors (CSBS) helped facilitate a one-day cybersecurity summit in Texas for CEOs and senior executives to learn about the cyberthreat landscape, the collection and sharing of cyberthreat intelligence and best practices in cybersecurity management, said Rockhelle Johnson, a spokeswoman for CSBS.
The organization plans to work with other states in 2015 to host similar events. Wednesday’s summit was the kickoff event.
“The goal of the summit is for community bank CEOs and senior executive leadership to walk away more informed about the current cyberthreat landscape, steps CEOs should take in managing their banks’ cybersecurity and information sharing resources that are available to them,” Johnson said.