-
WASHINGTON Federal regulators on Tuesday unveiled a much-anticipated tool meant to help institutions assess their own cybersecurity systems.
June 30 -
Multiple banks are reporting fraudulent activity on cards used at hotels owned by real estate magnate, reality TV star, and now controversial presidential candidate Donald Trump.
July 2 -
The executive in charge of protecting JPMorgan Chase & Co.'s computer network from hackers has been reassigned, after a year on the job that included controversy over his handling of a massive data breach and the departure of several top security team members.
June 30 -
The Consumer Financial Protection Bureau is generally coordinating with prudential regulators on supervisory issues to avoid duplicating responsibilities, but communication between the agencies can still be improved, the CFPB's watchdog said Thursday.
July 2
Bank regulators should improve their collection of data on information security incidents at financial institutions and facilitate better information-gathering about industrywide cyber threats, the U.S. Government Accountability Office said Thursday.
The GAO report said although examiners have focused on the information technology systems at individual institutions, most regulators "lacked readily available information on deficiencies across the banking system."
Collecting data on security incidents and examination deficiencies "would better enable regulators to identify and analyze trends across institutions and use that analysis to better target areas for review at institutions," the report said.
The report also specifically called on Congress to authorize the National Credit Union Administration to examine credit unions' third-party technology providers.
The study comes at a time when regulators are intensifying their focus on financial institutions' readiness for cyber-attacks. Earlier this week, the Federal Financial Institutions Examination Council unveiled a guided assessment "tool" for banks and other institutions to gauge their cyber threat and level of readiness.
The GAO said regulators' current risk-based approach to examining institutions for information security flaws could be improved to analyze problems across multiple institutions.
Institution-specific examinations by regulators varied in terms of scrutiny based on the size of the institution and their past performance, the report said. While the largest banks were examined by IT experts, smaller institutions at times were reviewed by examiners with little to no background in IT.
The GAO said that the regulators acknowledged the need for improved IT expertise among staff and had already taken corrective steps. Still, the GAO stressed that having industrywide data would allow regulators to spot trends, which could then lead to more targeted reviews at banks and credit unions.
In responses, officials with the Treasury Department as well as the financial services regulators generally reacted positively to the report and said they were already taking steps to improve monitoring of cyber threats.
Comptroller of the Currency Thomas Curry said in a June 15 letter that the new "cybersecurity assessment tool" will provide his agency "with a repeatable and measurable process for assessing both the level of risk and the maturity of risk management processes within and across institutions."
