On September 22, 2014 Chairman Gurenberg (FDIC) gave remarks to the American Banker Regualtory Symposium in Arlington, Virginia. Gruenberg named cybersecurity among three concerns facing the industry as banks make the transition into a period of stronger growth and increased lending. The other two are continued risks posed by a changing interest rate environment, and the need for prudent underwriting and risk management despite temptations to cut corners as loan demand rises. In his remarks he called cybersecurity an issue of “highest importance” for the FDIC and discussed the FDIC’s recent initiatives to address cybersecurity as a critical operational risk for large and small banks including: (1) A new framework for conducting IT examinations in partnership with the Federal Financial Institutions Examination Council (FFIEC), including “published standards, examination procedures, routine on-site inspections, and enforcement capability.” (2) The Cybersecurity and Critical Infrastructure Working Group, an inter-agency liaison with law enforcement to help the banking agencies share information, collaborate regarding examination policy, and coordinate responses to cybersecurity incidents. (3) The FDIC “Cyber Challenge,” an online resource designed to help community banks assess their own preparedness to address a cybersecurity incident. (4) A new requirement that community banks’ third-party technology service providers (TSPs) update their client financial institutions on any operational concerns the FDIC identifies at the TSP during an examination.
Chairman Gruenberg also emphasized “In an increasingly interconnected banking environment, Internet cyberthreats are rapidly becoming the most urgent category of technological challenges facing our banks,” he said. “The large number [of] and sophistication of cyberattacks directed at financial institutions in recent years does require a shift in thinking.”