U.S. regulators on Wednesday said they were stepping up efforts to examine financial institutions’ defenses to ward off cyber attacks, as a top FBI official warned of new “increasingly complex” threats to the financial sector.
The top U.S. derivatives regulator said before a Senate panel that his agency, the Commodity Futures Trading Commission, will focus on cybersecurity as it conducts compliance exams for exchanges and clearinghouses to make sure they are protecting themselves from cyber attacks.
Meanwhile, the New York Department of Financial Services issued new guidelines to banks it regulates detailing how their cyber security efforts will be examined.
The increased scrutiny comes several months after the largest U.S. bank, JPMorgan Chase & Co, disclosed a major hack that exposed personal information of 83 million households, and other financial institutions may also have been affected.
“Today’s cyber actors, from nation states to criminal groups and individuals, find themselves virtually unrestrained by time, distance, and physical location,” FBI assistant director Joseph Demarest said at a hearing before the Senate Banking Committee on cybersecurity.
Demarest said the FBI had provided 36 classified threat briefings about certain attacks to financial institutions and government agencies between March 2013 and July 2014, and classified threat briefings in March, April and July 2014 to 145 financial institutions.
CFTC chairman Timothy Massad said before the Senate Agriculture Committee his agency would also focus on the issue. “”The risk is apparent.”
Massad warned, however, that his agency is strapped for cash and cannot do the comprehensive review he would prefer.
“Some of our major financial institutions are reportedly spending more on cybersecurity each year than our agency’s entire budget,” he said.
The Office of the Comptroller of the Currency has included cybersecurity in its bank exams, and the Securities and Exchange Commission released a blueprint earlier this year outlining plans to undertake similar exams.
The New York regulator said his department was interested in the amount of resources devoted to information security, risks posed by shared infrastructure, management of third-party service providers and other factors.
Senator Elizabeth Warren, a Democrat from Massachusetts, also urged regulators at the banking hearing to focus on the risks to financial institutions posed by third parties.
“When we talk about cyber attacks on our financial institutions, we should remember its not just the institutions themselves who are at risk, there is a whole chain of organizations,” she said.