Fraud incidents have increased by over 130 percent in the past year, resulting in significant monetary and reputational losses for financial institutions. Many of these incidents — including high-profile crimes such as the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) attacks from last year — involved the exploitation of governance deficiencies and ineffective operating models.
Maintaining proper governance for risk management has been a major point of focus for industry groups and regulators, including the Office of the Comptroller of the Currency, the Basel Committee on Banking Supervision, the Committee of Sponsoring Organizations of the Treadway Commission, and the …
President Trump made many statements during the campaign regarding actions he plans to take to reverse Obama administration sanctions policies. These included revisiting the agreement to ease sanctions on Iran, rolling back the sanctions program against Russia, and reversing the Obama administration’s policy of easing sanctions on Cuba. However, we believe that reversing course on these policies is much easier said than done.
For example, several of the Obama administration’s sanctions policies – including those involving Iran and Russia – were part of multilateral actions rather than unilateral sanctions programs, so breaking from such agreements will be difficult. Iran …
On September 13, 2016, the New York State Department of Financial Services (DFS) proposed a broad set of cybersecurity regulations for banks, insurers, and other financial institutions. The proposal is largely consistent with existing guidance (e.g., under the NIST Cybersecurity Framework or the FFIEC IT Handbook), but it goes further in some ways.
The proposed rule is the result of DFS’ focus on cybersecurity over the past several years, in which DFS conducted three industry surveys, held cybersecurity discussions with various financial institutions, and issued a letter to US regulators asking for feedback on potential cyber-specific requirements.…
Attackers last February reportedly stole $81 million from the Bangladesh Central Bank by obtaining and exploiting the bank’s credentials for the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network. The attack – one of the biggest bank robberies in history – exploited weaknesses in cyber, fraud, and possibly insider threat controls, illustrating the need for banks to combine financial crime risk areas that were previously either siloed, or at best tenuously connected.
Specifically, the attackers exploited cyber weaknesses by designing custom malware tailored to bypass controls and network logging systems used by the Bangladesh Central Bank. The attackers also …
The Consumer Financial Protection Bureau (CFPB) released recommendations in March for how banks and credit unions can better protect elderly customers from financial exploitation. The CFPB issued its recommendations as the elderly population continues to rapidly grow, positioning banks and credit unions for a significant increase in elder financial exploitation (EFE) attacks.
Other regulatory bodies have taken notice of this growing threat as well and are putting forth regulations and guidance of their own. For example, the Financial Industry Regulatory Authority (FINRA) last year proposed a regulation requiring broker-dealers to take action in response to suspected EFE.
EFE is …