Aiming to protect big American banking institutions with $50 billion or more in assets from cyber attacks, three federal banking regulators have proposed a tough new plan outlining new security standards.
“Due to the increasing interconnectedness of the US financial system, a cyber incident or IT failure at one entity may impact the safety and soundness of other financial entities and introduce potentially systemic consequences,” says the draft proposal published recently.
The proposed plan, designed by the Federal Deposit Insurance Corp. (FDIC), the Federal Reserve Board and the Office of the Comptroller of the Currency, calls for two-tier security requirements. Standards proposed for institutions managing, maintaining or operating systems that provide key functionality to the financial sector are higher.
The five key areas for large banks include cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situational awareness.
The plan also makes senior management accountable for implementing cyber risk management frameworks.
The proposed standards “would not apply to community banks,” FDIC chairman Martin J. Gruenberg said. “They … would continue to be subject to current generally applicable guidance and standards.”
The proposed plan comes in the wake of a cyber attack on the Indian banking system and Bangladesh’s central bank.