Resolution following cybersecurity incident presents unique challenges, regulator notes

A resolution of a financial institution failure driven by a cybersecurity “incident” would present unique operational, confidence and other challenges that regulators are not necessarily equipped to handle, the head of the federal insurer of bank deposits indicated Monday.

In a speech to the Cross Border Resolution & Regulation Colloquium of the Institute of International Finance (IFF)-Bank Policy Institute (BPI) in London, Federal Deposit Insurance Corp. (FDIC) Chairman Jelena McWilliams said her agency’s “resolution toolkit” is well-suited to handle financial impairments, “but might not be as useful when dealing with the underlying operational issues that a cyber incident might cause,” she said. “Work in this area is critical and ongoing.”

McWilliams told the group that the FDIC is assessing challenges presented by cybersecurity incidents, including:

  • potential abruptness of a disruption, and resulting compression of ordinary recovery and resolution planning timelines;
  • uncertainties regarding the severity of impact, and prospects and timing for restoration of systems or data after a cyber incident;
  • reliability and accessibility of information ordinarily relied upon to conduct a resolution.

“A resolution driven by a cyber incident likely would be distinct from the historical experience of the FDIC in resolving banks in a number of ways,” McWilliams said, “and would present unique operational, market confidence, and other challenges that we are considering currently.”

FDIC Chairman Jelena McWilliams remarks to the Institute of International Finance (IIF)-Bank Policy Institute (BPI) Cross Border Resolution & Regulation Colloquium, London, England