Cyber threat, not credit, is what keeps today’s bank CEOs up at night

For years, bank executives presumed that the biggest risk facing the industry was bad credit. But that axiom is changing, as cybercriminals become more sophisticated and data security becomes more essential.

“We have been taught as bankers, the No. 1 risk in banking is credit,” U.S. Bancorp CEO Andy Cecere said Tuesday. “I think cyber is closely approaching that.”

A few of his peers, participating in a roundtable discussion in New York on the challenges facing large banks, agreed with that assessment. “The only secure network is one that is powered down and shut off,” said Greg Carmichael, CEO of Fifth Third Bancorp in Cincinnati.

The CEOs blamed what they described as their intensifying fears about cybersecurity on the massive data breach at Equifax this summer as well as other hacks.

U.S. Bancorp CEO Andy Cecere.

Cyber threats, of course, have loomed large over the industry for years. In response, banks have bulked up their defenses, and have been largely successful in fending off the blows of denial-of-service attacks and other attempts to penetrate company hardware.

But the mindset articulated by the CEOs suggested that they think the threats have entered a new phase, and that the industry faces a fundamental, longer-term challenge: finding more accurate and innovative ways to verify customer identities.

After hackers exploited a weakness in Equifax’s system, exposing the personal data of more than 145 million customers, the onus is now on the banking industry to verify that customers who apply for new accounts are, in fact, who they say they are, Wells Fargo CEO Tim Sloan said.

“The new cyber threat to deal with — which we’ve never dealt with before — is how do we ensure that the information from our customers is really accurate? Is it really our customers?” Sloan said, pointing to the “amount of data that is now out there” following the Equifax hack.

“We haven’t dealt with that, and we’re going to all figure it out,” Sloan added.

Several of the executives emphasized the importance of collective action in addressing the growing threat from cybercriminals.

“We have a tremendous amount of data on our customers,” says Grayson Hall, chairman and CEO of Regions Financial. “With that information comes an awful lot of responsibility and accountability.”

The comments — made at an industry conference sponsored by The Clearing House — illustrate some of the most pointed commentary to date on what the massive Equifax breach means for banks’ core businessess.

“The new cyber threat to deal with ... is how do we ensure that the information from our customers is really accurate? Is it really our customers?” — Tim Sloan, Wells Fargo

Equifax revealed the breach in early September, saying that 143 million customers were affected. A month later, that figure was raised to 145.5 million. In early October, former CEO Richard Smith resigned amid the blowback, and was succeeded on an interim basis by Paulino do Rego Barros.

In the weeks that have followed the hubbub, bankers and analysts have scrambled to assess the impact. A big question facing banks has been whether or not customers will respond by freezing their credit, a move that makes it harder to open new accounts.

As bankers reflected on the changing role of the big-bank CEO throughout discussion, other key themes emerged. Among them: the importance of hiring high-tech talent, and also establishing a company culture that is both innovative and ethical.

Sloan, in particular, reflected on his past year as CEO. He took the helm of the embattled San Francisco company about a year ago, after former CEO John Stumpf resigned amid revelations that more than 5,000 employees created more than 2 million fake accounts. That number was later increased to 3.5 million.

“It’s been a challenging environment, I’ll be honest with you — you may have read some things about Wells Fargo,” Sloan said lightheartedly, drawing laughter from the crowd.

Sloan emphasized, however, that the main challenge of the modern big-bank CEO is setting the right tone — both within the company, and for those outside of it.

“You’ve got to set the course and provide a level of optimism in an industry that has gone through a lot of challenges,” he said.

For reprint and licensing requests for this article, click here.
Cyber security Data breaches Consumer banking Authentication Regional banks Bank technology Tim Sloan U.S. Bank Fifth Third Bancorp Wells Fargo Regions Bank Equifax
MORE FROM AMERICAN BANKER