Compliance

FS-ISAC will test banks' cybersecurity defenses in "hyper-realistic" simulations of malware, phishing and ransomware attacks.

After a yearlong investigation by the Securities and Exchange Commission, large investment banks including BofA, Citi and Deutsche admitted they failed to monitor their employees on certain messaging channels such as WhatsApp.

The company has built an ability to connect employees' communications to their behavior, to root out any policy violations and show regulators a bank is doing enough to comply.

The Tennessee company said the cyberattack took place in late January and early February.

The breach was quickly followed by fake text and app messages to customers that appeared to come from the challenger bank.

Morgan Stanley will pay $35 million to settle Securities and Exchange Commission allegations that one of its units failed to secure the personal data of millions of customers when replacing company hard drives and servers.

The Office of the Comptroller of the Currency has stopped requiring the bank to provide quarterly progress reports about its efforts to mitigate cloud computing risks.

The agency in charge of regulating cybersecurity incident reports asked firms Monday to give their input on how the developing set of rules should work.

Shortcomings in security testing and monitoring of clients could also trip up payment industry players who need to meet new requirements by 2025.

In an exclusive interview, the moderate Virginia Democrat and co-chair of the Community Development Financial Institution Caucus touched on the future of community development, cybersecurity and nonbank regulation.