BankBryanCave.com

Bank Bryan Cave

Cyber Attack

Main Content

Cyber Criminals Don’t Dig Mile Long Tunnels

September 1, 2015

Authors

Jerry Blanchard and David Zetoony

Cyber Criminals Don’t Dig Mile Long Tunnels

September 1, 2015

by: Jerry Blanchard and David Zetoony

Digging a tunnel for a mile so that El Chapo could slip into the shaft through his shower and disappear from a high security Mexican prison is something you might expect a Hollywood screenwriter to come up with. Is it any more remarkable though than a cyber-criminal reaching all of the way around the world to try and slip into a bank’s or a customer of the bank’s computer system in order to initiate a wire transfer?

We live at a time when individuals and criminal gangs can reach across oceans and national boundaries to try and initiate unauthorized transfers of funds. Bankers understand that this is a hot topic and that the risk of cyber-fraud is what is currently keeping  regulators awake at night. While a great deal of attention is now being focused on how to keep cyber criminals out of the bank, recent attacks on various public

Read More

FDIC Examinations and Cyberattack Risk

May 7, 2015

Authors

Jerry Blanchard and David Zetoony

FDIC Examinations and Cyberattack Risk

May 7, 2015

by: Jerry Blanchard and David Zetoony

FDIC bank examinations generally include a focus on the information technology (“IT”) systems of banks with a particular focus on information security. The federal banking agencies issued implementing Interagency Guidelines Establishing Information Security Standards (Interagency Guidelines) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of third party service providers (“TSPs”).

The FDIC Office of the Inspector General recently issued a report evaluating the FDIC’s capabilities regarding its approach to evaluating bank risk to cyberattacks. The FDIC’s supervisory approach to cyberattack risks involves conducting IT examinations at FDIC-supervised banks and their TSPs; staffing IT examinations with sufficient, technically qualified staff; sharing information about incidents and cyber risks with regulators and

Read More

When a Bank Should Disclose a Cyber Attack

April 11, 2014

Authors

Lyn Schroeder

When a Bank Should Disclose a Cyber Attack

April 11, 2014

by: Lyn Schroeder

As cyber attacks against financial institutions have become more and more frequent, and the possibility of significant adverse consequences from a single attack have increased, financial institutions have been stepping up cyber security processes for some time. However, many institutions still grapple with the appropriate level of disclosure to shareholders regarding cyber security.

Cyber attacks can come from all directions and in all shapes and sizes—from the stolen employee laptop to a hacked computer system that allows fraudulent transfers from an account. Attacks where the criminals bypass both the computer systems of the bank and its customers and instead access the systems of the bank’s outside service providers can also leave the bank at risk. Which of these attacks or potential attacks merit disclosure?

Read More
The attorneys of Bryan Cave LLP make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.