April 16, 2014

OCC's Curry points to third-party cyber risks

April 17, 2014 – Federal banking regulator Thomas Curry underscored the growing cyber threats for small institutions and related concerns at his agency over banks' reliance on third-party relationships during a speech Wednesday before an electronics industry conference.

"The fact is, we live in a world where consumers use their cellphone to deposit checks, pay bills over the Internet, and make purchases at the mall by swiping a credit card, and they're very sensitive to any suggestion that those systems might not be secure," said Curry, head of the Office of the Comptroller of the Currency.

Curry said consumers "probably don't give much thought" to what happens on the operations side with payment and settlement systems and processing software. "Yet the impact of a cyberattack on those systems could be even more disruptive than a data leak at a large retail store," he said.

He also noted OCC's ongoing concerns about banks' reliance on third-party relationships and increased hacking threats to small institutions as the larger ones strengthen their defenses.

Credit unions are subject to robust regulatory compliance requirements in the area of cyber threats as well as third-party vendor relationships. The agency point to these and more in its Letter to Credit Unions 14-CU-02, which provides an overview of the agency's supervisory focus for 2014.