
Wednesday, June 8, 2016

Agencies Issue Guidance in Response to SWIFT Compromises

In the wake of high-profile compromised communications on the SWIFT network, the federal banking agencies issued guidance alerting banks to specific risk mitigation techniques that can minimize the cyber risks associated with interbank networks and wholesale payments systems.

The guidance – which included no new regulatory expectations – emphasized conducting ongoing information security risk assessments and monitoring, protecting against unauthorized access, implementing and testing controls, managing business continuity risk, enhancing employee cybersecurity awareness and sharing information within the industry. For example, to prevent unauthorized access, the agencies recommended limiting the number of network credentials and reviewing access rights frequently.

The agencies said:
Financial institutions should review their risk management practices and controls over information technology and wholesale payment systems networks, including authentication, authorization, fraud detection, and response management systems and processes. The FFIEC members emphasize that participants in interbank messaging and wholesale payment networks should conduct ongoing assessments of their ability to mitigate risks related to information security, business continuity, and third-party provider management.

The guidance came after a widely reported sequence of hacks that used malware to issue unauthorized payment orders through the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, network. SWIFT is used to verify the authenticity of transfer requests. Banks in the Philippines, Bangladesh, Vietnam, Ecuador and other countries are reported to have been hit by fraudulent SWIFT messages.

View the guidance.
