Bank Examiners Told to Address Swift Risks

WASHINGTON — Federal financial regulators are incorporating lessons learned from the Swift hacks in their examinations, they told a lawmaker in a joint letter last week.

"The safety and soundness of the financial industry is dependent on secure payment systems," said the letter, which was signed by Federal Reserve Chair Janet Yellen, Comptroller of the Currency Thomas Curry and Federal Deposit Insurance Corp. Chairman Martin Gruenberg . "The agencies continue to focus on information security and payment systems risk as part of our ongoing supervisory oversight processes."

In response to an inquiry from Rep. Carolyn Maloney, D-N.Y., the regulators asserted they had taken several steps to ensure that banks were taking precautionary measures in response to recent infiltrations of the Swift network, which allowed hackers to steal funds from at least three foreign banks, including $81 million from the central bank of Bangladesh.

The Fed is involved with international regulators in "monitoring Swift's response" to the hacks, the letter said. The agency also sent an internal alert in May asking its teams that supervise bank and financial utilities "to make sure institutions were adequately mitigating the threats."

Meanwhile the OCC said it is in the process of issuing guidance for examiners on interbank messaging and wholesale payment systems. "As part of ongoing supervision activities, the OCC's onsite examination teams regularly address emerging issues, such as the recent reports of cyber-attacks involving Swift," the agency said in the letter.

The FDIC also alerted its examiners of the Swift attack, the letter said. The agency instructed them in May to conduct an "expanded review of cyber controls related to Swift or any wholesale payment system," in their examinations, according to the letter. And it also sent targeted guidance to institutions its supervises on "detecting and mitigating" the threat of similar breaches.

In June, the regulators had issued a joint statement through the Federal Financial Institutions Examinations Council, urging banks to evaluate the risks caused by interbank messaging and wholesale payments network.

"Financial institutions should review risk management practices and controls related to information technology systems and payment networks," the regulators said in their letter to Maloney.

For reprint and licensing requests for this article, click here.
Law and regulation Bank technology Data breaches
MORE FROM AMERICAN BANKER