Although cyber attacks are increasing in frequency, there tend to be different ideas as to mitigating the risks. Find out what the government is doing to help lessen the threat of cyber attacks and how you can help.

Starting Process Now

Because a study performed by The Depository Trust & Clearing Corporation (DTCC) shows cyber risk ranked as the biggest risk to the worldwide financial system, the U.S. government is looking to set nationwide standards for cyber security. Cyber attacks are on the rise, affecting internal data and causing financial and reputational losses for companies and clients worldwide. As a result, regulatory agencies are becoming more involved in combating cyber threats. The agencies want to focus on unifying standards for cyber security so financial institutions are consistent in how they reduce the risk of cyber attacks.

Establishing Standards

In October 2016, the Federal Reserve Board, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency approved an advance notice of proposed rulemaking (ANPR) and asked for public input on pending cyber security risk management and resilience standards to be put in place for large, interconnected entities the agencies oversee. The standards would also be enforced for services third parties provide for the firms.

The cyber security standards would apply to depository institutions and depository institution holding companies with total consolidated assets meeting or exceeding $50 billion, the U.S. operations of foreign banking organizations with U.S. assets meeting or exceeding $50 billion, and financial market infrastructure companies and nonbank financial companies supervised by the Federal Reserve Board. The standards would not be enforced for community banks.

The cyber security standards would be tiered, including higher standards for systems providing key functions for the finance industry. The government agencies are deciding whether firms providing such systems should be required to substantially reduce their risk of having the systems disrupted or fail because of a cyber attack.

Comment by Mid-January

Federal agencies released an ANPR to gain public input on every aspect of the proposed cyber security standards before moving forward with a more detailed proposal for consideration. The agencies are also requesting public input on suggested methodologies that may be used for quantifying cyber risk and comparing cyber risk in different areas in the finance industry. Input on the ANPR is due January 17, 2017.

Cyber security standards are becoming a necessary part of government action. Remain updated on this and other current events in the finance industry by staying in touch with CarterWill Search & Flex.