SIFI overseer turns attention to cyber resilience

The federal body known most for designating certain insurers as “systemically important financial institutions” subject to enhanced oversight has turned its attention to cybersecurity.

In its annual report released last week, the Financial Stability Oversight Council said that “financial services sector companies and industry groups, executive branch agencies, financial regulators and others have made notable progress in improving cybersecurity and resilience throughout the system.

“Continuing to advance these and other efforts should remain a top priority for business and government leaders, and the council makes several recommendations for doing so which build on recommendations made in last year's annual report,” FSOC added.

Among other things, FSOC recommended that the Departments of Treasury, Homeland Security, Justice and Defense and financial regulators “strongly support efforts to implement” the Cybersecurity Act of 2015, which promotes information sharing on data breaches.

In addition, FSOC recommended that financial regulators “endeavor to establish a common risk-based approach to assess cybersecurity and resilience at the firms they regulate.”

FSOC also addressed the issue of a “significant cybersecurity incident” affecting the financial services sector with implications for the stability of the economy. It recommended that agencies and financial companies “further explore how best to concurrently manage the financial stability and technical impacts of a significant cybersecurity incident. Ultimately, effective response to a significant cybersecurity incident affecting the financial services sector will depend on technical, financial stability and business response efforts,” said FSOC.