During his September 22 remarks at the American Banker Regulatory Symposium in Arlington, Virginia, FDIC Chairman Martin J. Gruenberg called cybersecurity an issue of “highest importance” for the FDIC and discussed the FDIC’s recent initiatives to address cybersecurity as a critical operational risk for large and small banks alike, including:
- A new framework for conducting IT examinations in partnership with the Federal Financial Institutions Examination Council (FFIEC), including “published standards, examination procedures, routine on-site inspections, and enforcement capability.”
- The Cybersecurity and Critical Infrastructure Working Group, an inter-agency liaison with law enforcement to help the banking agencies share information, collaborate regarding examination policy, and coordinate responses to cybersecurity incidents. Chairman Gruenberg announced that the Working Group is undertaking an assessment of the banking sector's overall readiness to address a significant cyber threat.
- The FDIC "Cyber Challenge," an online resource designed to help community banks assess their own preparedness to address a cybersecurity incident.
- A new requirement that community banks’ third-party technology service providers (TSPs) update their client financial institutions on any operational concerns the FDIC identifies at the TSP during an examination, and clarifying the FDIC’s expectations with regard to actions community banks should take when problems are identified at their TSP, including “zero-cost resources that can assist them in assessing their vulnerability to cyber threats.”
Chairman Gruenberg also emphasized that “internet cyber threats have rapidly become the most urgent category of technological challenges facing U.S. banks,” and that cybersecurity “needs to be engaged at the very highest levels of corporate management.”