This just in. Pretty interesting stuff. In this latest article posted on Bank Info Security, commentary about a new OCC report suggests that the OCC warns of infrastructure risks in banking and notes that fraud as a result of cybersecurity risk isn’t necessarily the top priority. Rather, deeper intrusions into banking networks and the payments infrastructure “demand that risk mitigation become a priority.” The report goes on to say bankers should ensure that risk management of third-party relationships (aka vendor management) is commensurate with the breadth, complexity and criticality of these arrangements. Reference is also made to the 2013-29 OCC bulletin issued last fall.
What made us really sit up and notice was the following. Aviah Littan, ex-head of NSA, put it bluntly, saying that regulators are going to have to get heavy-handed in order to ensure community banks understand the risks and act appropriately. These comments come as more than 500 community banks (up to $10 billion in assets) are slated to be examined under the FFIEC’s new Cybersecurity Risk Assessment program. There’s a whole new wave of regulation being formulated around cybersecurity and network vulnerability, and we expect it will most definitely impact your third-party and vendor risk management program with new requirements. Stay tuned to Channel VendorINSIGHT and we’ll keep you abreast of how our system will continue to evolve to meet these new requirements.