FDIC Consumer News - Winter 2016
What Banks and Bank Regulators are Doing to Protect Customers From Cyberthreats
In today's world, financial institutions must be aware of current cyberthreats and take appropriate precautions in order to protect their customers' money and personal information. "Banks are tempting targets for cyberthieves who want to commit financial fraud," said Jeff Kopchik, a senior policy analyst with the FDIC. "But what customers need to remember is that banks and regulators are working together to prevent these crimes."
Banks have employees or use outside firms that work to prevent cyberfraud. Also, financial institutions must continually improve their information security programs so they can effectively respond to the latest cyberthreats.
In addition, the FDIC and other regulators work with financial institutions to help protect customer information and money. Since 2001, federal law and regulations have required that financial institutions have programs to ensure the security and confidentiality of customer information. Federal and state bank examiners also regularly conduct on-site examinations of FDIC-insured institutions and their outside firms to ensure that they comply with these and other regulations.
Banking regulators also work with institutions to share overviews of the cyberthreat landscape and discuss steps they can take to be prepared. For example, in 2015, the FDIC produced an educational video on cybersecurity to help boards of directors and senior management at banks protect against potential threats. That same year, the regulators unveiled a voluntary "cybersecurity assessment tool" to help institutions identify risks and assess their preparedness.
"Banks may use any risk assessment tool they choose. FDIC examiners are available to discuss the results with bank management and help them focus on areas that need improvement," said Mark Moylan, FDIC deputy director for operational risk. "We view this communication as an important part of our strategy to help ensure the safety of customer financial information."
The FDIC also recommends that institutions join industry organizations that provide reliable and timely information designed to help institutions protect critical systems from cyber threats.
"Cybercriminals are constantly looking for new ways to commit financial fraud against a bank and its customers," Kopchik said. "That is why the FDIC devotes significant resources to financial institution compliance with federal information security laws and alerts bank management about the newest cyber threats and effective countermeasures. It's part of the FDIC's mission to maintain stability and public confidence in the nation's financial system."