In February 2016, financial messaging system Swift inadvertently let hackers steal $81 million from Bangladesh’s account at the Federal Reserve Bank of New York. As a result of this and other cyber attacks against Swift’s users, U.S. banking regulators are increasing their oversight of the Belgium-based company and the financial institutions it serves.
Response to Cyber Attack on Swift
In a letter dated May 23, 2016, Rep. Carolyn B. Maloney (D., N.Y.), who serves on the House Financial Services Committee, asked regulators what steps they were taking as a result of the cyber attack that drained tens of millions of dollars from the accounts of clients in Bangladesh and Ecuador. In a letter dated August 17, 2016, signed by Fed Chairwoman Janet Yellen, Comptroller of the Currency Thomas Curry, and FDIC Chairman Martin Gruenberg, regulators responded by detailing the steps being taken to stop further breaches. Although Maloney felt encouraged by the action taking place, she remains concerned about future cyber attacks.
Alerts to Financial Institutions
The FDIC sent an internal alert to examiners on May 18, 2016, providing guidance on cyber controls for Swift and other wholesale payment systems at examinations. On May 25, the Fed issued an internal alert to banking supervisors outlining ways to reduce threats against institutions working with Swift. The FDIC also sent banks guidance on June 1 for reducing cyber threats and malware used for targeting Swift software. In addition, on July 21, the OCC gave a supervision tip to examiners, providing background on the cyber attacks and actions the examiners should take.
Swift’s Unexamined Cyber Security
Because Swift’s security was rarely thought about for decades, The New York Fed believed communication authenticated by Swift was genuine and binding. However, hackers have been finding entryways through Swift’s customers, letting hackers submit fraudulent messages through the system.
Changes in Cyber Security for Swift’s Customers
Since cyber security is an ongoing challenge for the finance industry, Swift is encouraging its customers to increase their security. The company is actively working with banks and regulators to stop increasingly elaborate cyber threats.