Information security
On cyber risk, regionals have no appetite for disruption
Smaller lenders fear outages and other IT bungles, as do regulators. So, what are they doing about it?
Maximum insecurity: banks tool up to meet cyber threat
Lenders confront “existential” threat of data leaks with bigger teams and better controls
FDIC security woes make banks sweat over supervisory data
Fears over confidential reporting after inspection urges regulator to address cyber “weaknesses”
US compliance teams face more intrusive Fed supervision
Regional banks look at enhanced data management to handle growing numbers of MRA notices
New threats, old foibles prompt banks to switch GRC vendors
Op Risk Benchmarking: more than half of participants are reviewing or switching systems
Op risk data: WhatsApp fines keep on coming
Also: ‘Five families’ stock-lending cartel pays up; double hit for Wells Fargo. Data by ORX News
Vendors under new scrutiny in CFTC due diligence push
Planned cyber resilience regime will force dealers to subject “critical” tech vendors to stricter audit
Banks call for direct oversight of cloud providers by US regulators
Tri-opoly of cloud vendors “poses systemic risk” to financial sector, say risk managers
Approaching menace: how financial firms are tackling emerging risks
Exploring the changing shape of emerging risks and how integrated risk management is helping companies to meet the challenges head-on
Sizing cyber: banks split on who owns and measures hack threats
G-Sibs split on risk modelling and management for IT disruption and infosec
Op Risk Benchmarking: Inside the G-Sibs
New initiative scrutinises op risk measurement and management practices at the world’s largest banks
Banks frequently breach appetite for top op risks
Op Risk Benchmarking: Five G-Sibs breached appetite in past year across four risk types, new research reveals
Citi cyber chief says AI providing new weapons in hacking wars
Barron-DiCamillo also urges regulators to work with industry best practice, not against it
Banks’ internal watchdogs bark back at ChatGPT
Generative AI has plenty of uses in finance, but banks must first overcome compliance headaches
Futures industry must hone comms after Ion hack
Operational resilience hinges on maintaining communication channels in a cyber outage
Dora ‘critical tech vendor’ designation could cast a wide net
Experts think cloud services, data providers and software firms are all in regulators’ sights
FMIs pose greatest challenge for operational resilience tests
Risk Live: Calls for large-scale industry exercises to plan what happens if major CCPs go down
Compliance can help fintechs grow from adolescence to adulthood
It may slow US banking down, but customer safety is the difference between success and failure
Fed preps new white paper on cyber incident reporting
New proposals due on data capture after Fed dumps bid to use DFAST submissions
Hurdles to cross-border data sharing impede AML fight
Expansion of national initiatives hampered by data-privacy and information-security fears
After a hack, loose lips won’t sink chips
Ion Group is the latest ransomware victim to stay mum about how it was compromised. No-one benefits from this code of silence
SEC cyber rules risk creating web of confusion and costs
Proposals would require breach notifications, public disclosures and annual cyber assessments
Ion wasn’t deemed a ‘critical’ vendor by most clients
Software firm escaped heavy scrutiny ahead of cyber attack, says US Treasury official
Hacked off: banks demand answers after Ion cyber attack
Clients left in the dark about ransomware attack that disrupted futures trading last month