A top U.S. banking regulator is cautioning firms to ensure they have robust policies to protect themselves from cyberattacks, saying it is seeing an uptick in ransomware attacks, it said in a report issued Monday.
The Office of the Comptroller of the Currency said banks must have in place “robust” systems to identify threats and vulnerabilities in their technology, and should back up key systems and records in isolation to guard against hackers looking to disrupt systems for a payout.
In its semiannual risk report, the OCC also cautioned banks to be vigilant about third-party relationships, noting bad actors are increasingly exploiting outside vulnerabilities to conduct “malicious cyber activities.”
The OCC also said credit risk remains moderate for banks, as loan portfolios have weathered the pandemic due to good risk management by banks and government relief programs. However, the OCC noted that banks face some challenges helping clients navigate the conclusion of some of those programs, like the Paycheck Protection Program, leaving banks with heightened compliance responsibilities.
On climate, the OCC said it was continuing to work to build a new climate risk framework for nationals banks it supervises, which it plans to first roll out with the nation’s largest, most complex firms.