U.S. Regulator Says Small Banks Could Face Cyber Threat
Community banks often rely on outside providers for information technology services and may lack the resources or expertise to guard against cyber threats, Comptroller of the Currency Thomas Curry said.
He said his office has established a senior position to coordinate with other government agencies and the private sector on systemic cyber concerns, and it has teams of supervisors focused on information-technology security at the largest banks.
“We have much work to do as regulators to make sure the banks and thrifts we supervise are doing everything necessary to protect themselves,” Curry said in prepared remarks for a speech in Washington.
“It’s important to remember that cyber security is a safety and soundness issue, and more specifically, an example of operational risk,” he said.
Curry said that regulators also would be assessing whether they have the right powers to guard against hacking attacks and that, if necessary, they could ask Congress for more authority.
A series of so-called “denial of service” attacks in the last year repeatedly took down the websites of major U.S. banks.
JPMorgan Chase, Wells Fargo, Citigroup and Bank of America were targeted, forcing banks to spend millions to fend off hackers.
In July, the Securities Industry and Financial Markets Association, an industry group, organized a simulated cyber attack to test how banks would respond to such threats. The drill, named Quantum Dawn 2, also looped in a number of U.S. regulatory and security officials.
“This is not a problem that can be addressed by one agency alone or by any one institution acting on its own,” Curry said.
The OCC has been working with many banks and their third-party service providers to anticipate and prepare for attacks, Curry said.