Enhancing oversight of banks’ cybersecurity risk, adapting to financial technology (fintech) innovation, and strengthening information security management at the agency are the top three challenges facing the federal insurer of bank deposits, the agency’s inspector general said in a report issued Friday.
The report issued by Federal Deposit Insurance Corp. (FDIC) Inspector General Jay N. Lerner said the challenges were identified by the agency’s Office of Inspector General (OIG) based on (among other things) the OIG’s “experience and observations from our oversight work, reports by other oversight bodies, review of academic and other relevant literature.”
“We considered this body of information in light of the current operating environment and circumstances, as well as our independent judgment,” Lerner wrote.
Rounding out the top challenges are six more, according to the report:
- preparing for crises;
- maturing enterprise risk management;
- sharing threat information with banks and examiners;
- managing human capital;
- administering the acquisitions process;
- improving measurement of regulatory costs and benefits.
“We note that these Challenges will require constant attention and vigilance by the FDIC for the foreseeable future,” Lerner wrote.
Regarding the first of the top three challenges, the report notes that cybersecurity is a “critical risk” facing the financial sector. “Despite increased spending on cybersecurity, banks are encountering difficulties in getting ahead of the increased frequency and sophistication of cyberattacks. The FDIC’s information technology (IT) examinations should ensure strong management practices within financial institutions and at their service providers,” the report states.
On fintech innovation, the report states that the FDIC must keep pace with the adoption of new technology to assess its impact on the banking system’s safety and soundness and stability. “The pace of change and breadth of innovation requires that the FDIC create agile and nimble regulatory processes, so that it can respond to, and adjust policies, examination processes, supervisory strategies, preparedness and readiness, and resolution approaches, as needed,” the report states.
On information security management, the report notes that the agency “maintains thousands of terabytes of sensitive data within its information technology (IT) systems and has more than 180 IT systems that collect, store, or process” personally identifiable information (PII) of agency employees, bank officials, and bank customers. The agency’s systems also hold, the report notes, “sensitive supervisory data” about banks’ financial health, resolution strategies, and resolution activities. “The FDIC must continue to strengthen its implementation of governance and security controls around its IT systems to ensure that information is safeguarded properly,” the report states.