Treasury Deputy Secretary Sarah Bloom Raskin served as the moderator of a panel on “Cybersecurity in a World of Evolving Technology” before the Women in Finance and Technology Symposium in Washington, D.C., last week. With the ever-present concern regarding and rampant media coverage of hackers, money laundering, identity fraud, and the general safety and soundness of banking institutions, the focus on cybersecurity has been a consistent drumbeat from regulators in recent years.
Ms. Raskin emphasized that cybersecurity is an area in which multiple regulators may be involved. Therefore, it is incumbent on regulators to ensure that they are imposing standards and guidelines that are consistent. Doing so allows financial institutions to implement policies and procedures that will be the most effective and, because such they are less likely to change as frequently after having been properly vetted and coordinated, institutions can implement the policies and procedures with a greater measure of certainty with regard to the total cost. This coordination must take place between both state and federal regulators for a single institution and should also occur:
- Between regulators of different institutions (e.g., banks vs. credit unions vs. insurance companies);
- Across state borders so that state agencies across the country can identify risk areas and harmonize best practices for the specific types of institutions for which the regulator is responsible; and
- Between the prudential regulators and, where appropriate, law enforcement and intelligence agencies. Other members of the panel representing industry participants strongly agreed with this strategy, suggesting that to do otherwise risked a “proliferation of standards.”
In addition to the coordination of regulators, other topics for increasing cybersecurity included an enterprise-wide focus that was implemented from the top-down and a review of third-party service providers, as well as the contractors for such third-party providers.