










Big Banks

Regulators to Toughen Cybersecurity Standards at Nation’s Biggest Banks

October 19, 2016

Federal regulators unveiled an initial plan to bolster the ability of the country’s largest banks to withstand a major cyberattack, a move aimed at protecting the U.S. financial system in the event of a technology failure. The plan, released jointly by the Federal Reserve, the FDIC, and the Office of the Comptroller of the Currency, would strengthen the way agencies oversee how large U.S. banks and foreign banks operating in the U.S.


The draft plan would impose the toughest restrictions on firms considered to pose the greatest risk to the financial system. Those firms would have to prove they can get their core operations running within 2 hours of a cyberattack or major IT failure. The new rules also would apply to nonbank financial companies deemed systemically risky by a panel of regulators headed by Treasury Secretary Jacob Lew.


Deputy Treasury Secretary Sarah Bloom Raskin, speaking Tuesday at a Wall Street Journal Pro Financial Regulation conference, said cybercrime in the financial sector “hits directly on this notion of interconnectedness” and “goes right to the right heart of what we think of as potentially systemic.”  This concept is spelled out in the draft plan, which states:  “Due to the increasing interconnectedness of the U.S. financial system, a cyber incident or IT failure at one entity may impact the safety and soundness of other financial entities and introduce potentially systemic consequences.”


The 3 agencies involved already examine their respective banks’ information security practices during regular supervisory reviews. But regulators say the new standards will help to strengthen cybersecurity practices while reducing the potential harm from an attack or IT failure on the financial system.


The proposed standards would require financial firms to develop and maintain a cybersecurity risk management plan approved by their boards and incorporated into their business strategies. They also would require banks to use the cyberdefenses in their business units and incorporate them into company audits.


The public has 90 days to comment on the initial proposal; comments are due on 1/17/17.