Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

U.S. regulators to probe financial institutions' cyber defenses

Reprints

(Reuters) — U.S. regulators on Wednesday said they were stepping up efforts to examine financial institutions' defenses to ward off cyber attacks as a top FBI official warned of new "increasingly complex" threats to the financial sector.

The top U.S. derivatives regulator said before a Senate panel that his agency, the Commodity Futures Trading Commission, will focus on cyber security as it conducts compliance exams for exchanges and clearinghouses to make sure they are protecting themselves from cyber attacks.

Meanwhile, the New York Department of Financial Services issued new guidelines to banks it regulates detailing how their cyber security efforts will be examined.

The increased scrutiny comes several months after the largest U.S. bank, JPMorgan Chase & Co., disclosed a major hack that exposed personal information of 83 million households, and other financial institutions may also have been affected.

"Today's cyber actors, from nation states to criminal groups and individuals, find themselves virtually unrestrained by time, distance and physical location," FBI Assistant Director Joseph Demarest said at a hearing before the Senate Banking Committee on cyber security.

Mr. Demarest said the FBI had provided 36 classified threat briefings about certain attacks to financial institutions and government agencies between March 2013 and July 2014, and classified threat briefings in March, April and July 2014 to 145 financial institutions.

CFTC Chairman Timothy Massad said before the Senate Agriculture Committee his agency would also focus on the issue. "The risk is apparent."

Mr. Massad warned, however, that his agency is strapped for cash and cannot do the comprehensive review he would prefer.

"Some of our major financial institutions are reportedly spending more on cyber security each year than our agency's entire budget," he said.

The Office of the Comptroller of the Currency has included cyber security in its bank exams, and the U.S. Securities and Exchange Commission released a blueprint earlier this year outlining plans to undertake similar exams.

The New York regulator said his department was interested in the amount of resources devoted to information security, risks posed by shared infrastructure, management of third-party service providers and other factors.

Sen. Elizabeth Warren, D-Mass., also urged regulators at the banking hearing to focus on the risks to financial institutions posed by third parties.

"When we talk about cyber attacks on our financial institutions, we should remember it's not just the institutions themselves who are at risk, there is a whole chain of organizations," she said.

Read Next