Comptroller of the Currency Thomas Curry says banking institutions need to be better prepared to address the cyber-risks associated with rolling out new payments systems.
See Also: Breaking Down Ease-of-Use Barriers to Log Data Analysis for Security
He also calls for closer regulatory scrutiny of non-bank financial services and payments providers. At the June 3 Emerging Payments Forum, hosted by BITS, the technology policy division of the Financial Services Roundtable, he hinted that retailers should be more closely monitored as well.
“The same technologies many of you in this room have employed to provide new and efficient delivery channels for your customers are also being used aggressively by hackers and criminal elements, which brings me to the all-important question of cybersecurity,” Curry told banking executives at the forum. “Cybercriminals will also probe emerging payments systems for vulnerabilities that they can exploit to engage in money laundering, which has broad national security implications.”
Banking institutions must be well-informed about the risks tied to emerging retail and wholesale payments methods, such as mobile payments and digital currencies.
And he called for more regulatory oversight of non-bank payments players, such as ApplePay and Google Wallet, with which banking institutions have already built payments relationships.
“Regulation adds significant value in the areas that we’re discussing today,” he said. “Efforts are well under way to bring e-commerce and emerging payments systems deployed by non-bank players under greater regulatory scrutiny.”
Curry also said banks and credit unions must take steps to ensure cybersecurity throughout the payments chain, including at merchants. Banks represent “the industry’s collective interest in protecting the security of the payments system,” he added.
Role of Dodd-Frank
Using authority granted by the Dodd-Frank Wall Street Reform and Consumer Protection Act, banking regulators can do more to oversee e-commerce and emerging payments players to “ensure a more level playing field and protections for customers of non-banks,” Curry said.
“In addition to ensuring that banks adhere to various regulatory standards and policy guidance, regulators provide an additional set of highly trained eyes to the process of determining what risks banks face and how well they manage those risks,” he added. By bringing more regulatory oversight to other financial players, regulators can help to better ensure risks they face are being adequately addressed, he explained.
The Office of the Comptroller of the Currency in 2013 established the Payments Systems Risk Policy group, which is led by Kathy Oldenborg and is part of the OCC’s Operational Risk Division. The group provides examination support, training, and guidance to OCC examiners and acts as an educational resource for banking institutions that need to learn more about traditional payment structures and their cybersecurity risks across the retail and wholesale payments landscape, Curry noted.
“We also established a Critical Infrastructure Policy group, which develops and coordinates the OCC’s cybersecurity policy initiatives,” he said. The creation of that group has been an important component of Curry’s role with the OCC and as acting chairman of the Federal Financial Institutions Examination Council, of which the OCC is one of five regulatory agencies. He said the group was created to “address the risks that cyberthreats pose to individual banks and the banking system.”
“We created an interagency Cybersecurity and Critical Infrastructure Working Group under the FFIEC umbrella to increase cybersecurity awareness, promote best practices in the industry, and to strengthen regulatory oversight of cybersecurity readiness,” Curry added.
View the original content and more from this author here: http://ift.tt/1FuQbvd
from cyber security caucus http://ift.tt/1JovsAo
via IFTTT
No comments:
Post a Comment