“Regulatory staff from the Federal Reserve, the FDIC and the Office of the Comptroller of the Currency shared their observations and previewed forthcoming regulatory updates on third-party risk management during a meeting with American Bankers Association member bankers in Washington, D.C., this week,” according to the ABA Banking Journal. “The OCC said that its examiners…
The recent Scottrade Bank breach highlights third-party vendor risk, American Banker wrote. “In the bigger picture, not only is vetting and monitoring third parties an increasingly important priority for banks but so is encrypting all sensitive information at all times. New York State regulators have emphasized this in their new cybersecurity rules.”
The Federal Deposit Insurance Corporation’s Office of Inspector General “found that financial institutions failed to include important cybersecurity provisions in their contracts with the third-party firms,” American Banker reported. “Typically, FI contracts with TSPs did not clearly address TSP responsibilities and lacked specific contract provisions to protect FI interests or preserve FI rights,” said the…
Stung by cyberattacks, financial institutions are cracking down on security practices at thousands of vendors—from those that store critical financial data to food-services companies that post weekly lunch menus on a bank’s internal website. Source: Banks Try to Thwart Hackers, Take Aim at Vendors – WSJ
Hackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter. Source: Hackers Breach Law Firms, Including Cravath and Weil Gotshal – WSJ I recall visiting a friend…
Financial Firms Grapple With Cyber Risk in the Supply Chain – The CIO Report – WSJ. Our clients are seeing significantly increased attention to supply chain issues. And it’s not limited to security. BCP, privacy and other areas are receiving significant attention. How much attention? Enough attention that we’ve built a practice offering around it. We…
Life gets tough for financial services’ vendors- really tough. Tough Vendor Rules May Drive Some Bank IT Work Back In-House – American Banker Article. We see this focus in many other jurisdictions as well.
Lockheed Martin has been attacked using counterfeit electronic keys based on virtual keys obtained in the RSA hack. The Lockheed attack is reported to be unsuccessful in the sense that no data was compromised. The attack was detected almost immediately. The attack has resulted in some employees not being able to work. Reading between the…
I was reviewing the FSA’s Final Notice in the Zürich case while preparing for a conference that I will speak at later this month. FSA Final Notices are well written and to the point. They give you an excellent understanding of what happened and why (at least in the mind of the FSA). The Notices…
Next Practices 