Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Fed's ex-regulatory czar Tarullo warns of "nightmare scenario" from cyberattack
23 May 2019 12:34 pm by Brian Baker
Daniel Tarullo, the former US Federal Reserve governor most responsible for crafting post-financial crisis Washington policies, said a cyberattack on a bank could set off widespread panic by eradicating ownership records held by the institution.
“The nightmare scenario is: someone penetrates the information systems of large institutions and wipes out the records of who owns what,” Tarullo, the Fed’s vice chairman for supervision during the Obama administration, said at a Washington event this week. “It doesn’t matter how much capital the bank has at that point. You’ve got the equivalent of financial pandemonium when no one knows who owns what.”
He said stress tests that try to determine whether banks have enough capital to absorb economic shocks are “really not directed at big cybersecurity risks. We need to have a whole different approach.”
US capital requirements that carry out Basel III standards seek to protect against market risk, credit risk and some forms of operational risk, Tarullo said.
“The big cyber risk is not somebody penetrates a system and steals a couple of hundred million dollars,” he said. “Capital does help protect against that.”
A Fed spokesman had no immediate comment.
Fed Chairman Jerome Powell has said the central bank is incorporating cybersecurity into its inspections of individual banks while trying to be mindful of the burden it might place on small community banks.
“There is always the feeling with cyber that you’re just not doing enough,” he said in February.
Kevin Stiroh, the Federal Reserve Bank of New York’s supervisory chief, last month said a key supervisory focus is the resilience of banks’ core business services in the event of a cyberattack.
“In terms of governance, we expect effective oversight from boards of directors,” he said.
Banks should try to improve their exposure, monitoring of potential threats, and ability to recover from an attack, Stiroh said. They also should ensure the resilience of outside contractors.
Fed’s cyber priority
Fed officials have said combating cyber risks is a top priority. Tarullo’s successor, Randal Quarles, said in a prepared speech last year that the Fed “is committed to strategies" that will bring measurable "enhancements to the cyber resiliency of the financial sector.”
Quarles urged firms to share threat information with an industry group focused on cyber risks.
The Fed’s financial stability report issued this month, which flags possible systemic risks, contained two sentences and a footnote on cyber issues in a 60-page document.
“While this framework provides a systematic way to assess financial stability, some potential risks do not fit neatly into it because they are novel or difficult to quantify,” the report said. “For example, cybersecurity and developments in crypto-assets are the subject of monitoring and policy efforts that may be addressed in future discussions of risks.”
A footnote added: “This report does not currently report a standard set of metrics for determining the cyber resiliency of systems that are deemed to be critical to maintaining U.S. financial stability. Nonetheless, the Federal Reserve is using the available information and working with the relevant domestic agencies to develop resiliency expectations and measures”.
06 May 2021 12:00 am by Jack SchicklerGetting senior Euronext, Cboe and BNY Mellon executives to advise on how to boost EU capital markets.
20 Apr 2021 12:00 am by Neil RolandState and local officials are asking federal regulators to go back to the drawing board on money-market mutual fund.
WTI oil futures nosedive in 2020 likely resulted from flood of US ETF investors, limited storage capacity, BIS study says13 Apr 2021 12:00 am by Neil RolandUnprecedented plunge of West Texas Intermediate crude-oil futures April 2020 stemmed from both small investors’