Comptroller of the Currency Thomas Curry last week provided an overview of the top cyber-security priorities that the Office of the Comptroller of the Currency will be focusing on for the remainder of 2015.
In remarks at the BITS Emerging Payment Forum, Curry said one of his top priorities is to address the risks that cyber threats pose to banks. This effort “necessarily requires extensive and ongoing coordination” among regulators, the financial sector, and other critical infrastructure sectors, he said.
On an interagency basis, the OCC created the Cybersecurity and Critical Infrastructure Working Group under the umbrella of the Federal Financial Institutions Examination Council "to increase cyber-security awareness, promote best practices in the industry, and to strengthen regulatory oversight of cyber-security readiness," Curry said.
Following an assessment conducted jointly by these agencies last year on cyber-security readiness at more than 500 financial institutions, the FFIEC soon will be releasing a cyber-security assessment tool that financial institutions can use to evaluate their cyber threats. “I want to emphasize that the assessment tool is exactly that; it is a tool to help banks, particularly community banks, to defend against cyber-security threats,” Curry said. “Those threats are real, and they are unlikely to abate any time soon. In fact, they are more likely to increase.”
“I would caution against anyone viewing this effort, and the OCC’s complementary cyber-security examination program, as an unnecessary regulatory burden,” Curry added. “The time to act is now.”
At the same time, FFIEC members are enhancing their incident analysis, crisis management, training, and policy development, while also expanding their focus on technology service providers’ cyber-security preparedness.
To help reduce the burden and expense of regulatory compliance, the OCC and other banking agencies are holding hearings around the country to come up with ways “to cut regulatory burden without jeopardizing safety and soundness and compliance safeguards,” Curry said. “In particular, we are working with our colleagues to find better ways to use technology to provide more accurate and timely information to law enforcement and regulators, while simultaneously reducing cost and burden.”