Banking regulator warns of tougher cyber checks

Small banks and the networks that serve the financial industry can expect tougher cybersecurity tests, a key regulator told an industry conference on Friday.

“While we won’t go into every provider, we will examine service providers that support a large number of banks and that could, therefore, pose a systemic risk to the financial sector,” said Comptroller of the Currency Thomas Curry, whose office helps oversee banking industry security.


Banks have been under heightened scrutiny after a breach at JPMorgan exposed the names, addresses and emails of 76 million households.

“Not only do financial institutions need to have good controls over their own systems, they need to monitor carefully the ways in which they connect to vendors, how these contractors manage their systems, and how these vendors connect to still other third parties,” Curry added.

Regulators have been threatening to boost cybersecurity regulations as the financial sector moves to establish their own cyber threat info sharing programs. The government has encouraged the industry to adopt cyber information sharing programs.

“I want to caution everyone that even if we do supervise a service provider, that does not alleviate a bank or thrift of its responsibility to understand and manage risks involved in their third-party relationships,” Curry said.

Curry has been pounding the pavement with a similar message for over a year. He’s raised the issue in at least three speeches before industry conferences over the last year.

“Our expectations as supervisors are high in the area of cybersecurity,” he said.