WBK Industry - Federal Regulatory Developments

OCC Identifies Cybersecurity as an Increasing Risk to Banks in Semiannual Risk Perspective

The Office of the Comptroller of the Currency (OCC) recently released its Semiannual Risk Perspective for Fall 2017, assessing the risks facing national banks and federal savings associations as of June 30, 2017.  A key risk identified by the OCC was cyber threats, which the OCC warned are increasing in both speed and sophistication.

The OCC described phishing as a primary method of data system breach.  Relatedly, the OCC warned that “watering holes,” or infected websites, can pass malware to visitors, enabling criminals to gather information or access corporate networks.  These methods are often used as a gateway to perform other crimes, such as loading ransomware onto bank computers, access confidential information, affect payments, or conduct espionage.  In addition, the OCC noted that the use of unpatched or unsupported software and hardware risks the exposure of data or can enable breaches.

The OCC further warned that information technology companies and other third parties can be provide back doors to allow access into their clients’ business operations.  It noted that many of the large data breaches that have occurred in the past year involved such third parties.

The OCC also identified strategic risks, such as competitive pressures from financial technology companies entering the traditional banking industry.  These competitive pressures are influencing the credit environment.

Finally, the OCC turned to compliance risk.  It reported that compliance risk remains high in managing money-laundering risks.  The OCC also reported risks involved in changing policies and procedures to implement amended consumer protection requirements.

The OCC’s Semiannual Risk Perspective for Fall 2017 is available here:  https://www.occ.gov/publications/publications-by-type/other-publications-reports/semiannual-risk-perspective/semiannual-risk-perspective-fall-2017.pdf.