U.S. Regulators Outline Steps Taken after SWIFT Heist
In the wake of the cyberattack that struck international financial messaging network SWIFT earlier this year, U.S. banking regulators say that they are assessing cybersecurity threats facing the country’s financial institutions and the controls in place to defend against attacks. In a letter responding to a request for information from U.S. Rep. Carolyn Maloney (D-N.Y.), officials from the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (OCC) and the FDIC said the agencies have “taken a number of steps to address information security concerns related to the SWIFT messaging network.” Those measures include issuing a joint statement in June emphasizing the steps financial institutions should take to manage risks associated with interbank messaging and wholesale payment networks, the agencies’ response letter noted.
Along with the joint statement, each agency is taking steps on its own, the letter noted. The Fed—which is a member of the group of central banks that collectively oversee SWIFT—alerted its supervision teams of banks and financial market utilities that use SWIFT to make sure those institutions were “adequately mitigating threats,” the letter noted. Meanwhile, the OCC is drafting specific guidance for its examiners on interbank messaging and wholesale payments system risk management. The guidance will provide examiners with “specific information on key controls and risk management practices that should be assessed as part of supervisory oversight activities,” the letter said. For its part, the FDIC also alerted its examiners about the SWIFT threat and sent guidance to FDIC-supervised institutions on detecting and mitigating the threats.
On Aug. 24, Maloney said in a release she was “encouraged by the initial steps” taken by the regulators. “However, as recent hacks demonstrate, our cybersecurity is only as strong as our weakest link,” she added. “I remain concerned about the potential for future attacks and will be asking for regular updates from our banking regulators on the steps being taken address the risks that these cyberattacks pose to the safety and soundness of U.S. banks and the international payment system,” she said.