Cyberattacks against U.S. banks will continue to increase in 2016, making cybersecurity oversight and enforcement of anti-money-laundering laws focal points for regulators, says Walter Mix, a former commissioner of the California Department of Financial Institutions.
Mix, who now leads the financial services practice at the consultancy Berkeley Research Group, argues that significant cyberattacks waged against the U.S. payments infrastructure and financial services sector that have come to light the in the past 18 months highlight the need for more cybersecurity regulatory oversight.
The attacks against JPMorgan Chase and other top-tier U.S. financial firms, which were ongoing from 2012 until 2015, have exposed security weaknesses that must be addressed, Mix says during this interview with Information Security Media Group.
"These breaches that occurred were, of course, historic in nature and really were a wake-up call to bankers, regulators and prosecutors alike," he says. "It shows just how easily institutions can be accessed. And ... the bad actors operate on a global basis, and many times gain entry into an institution and operate much like a sleeper cell in the terrorist world, where they can go live at any time and steal the information and sell it on a global basis."
As a result, bankers need to "up their game" when it comes to cybersecurity, Mix says.
"No. 1 is going to be properly implementing the FFIEC [Federal Financial Institutions Examination Council] tool and guidance," Mix says. In June, the FFIEC released its Cybersecurity Assessment Tool, which is designed to help banking institutions of all sizes assess and identify risks and weaknesses in their cybersecurity preparedness programs (see FFIEC Issues Cyber Assessment Tool).
Mix says cybersecurity and compliance with the Bank Secrecy Act are closely connected, "and will be a very, very high priority of the government and the regulatory agencies" next year. "It behooves every board and every management team to get up to speed quickly on these issues and properly design and implement programs relating to cyber and anti-money laundering," he adds.
Predictive Analytics
The former banking regulator also suggests that financial institutions invest in predictive technologies that can detect threats. Plus, banks need to devise ways to ensure they are adequately sharing threat intelligence domestically and internationally, he says.
During this interview (see audio link below photo), Mix also discusses:
Why banks and credit unions that don't enhance their cyber defenses could be subject to litigation; How emerging payments instruments, such as Bitcoin, are spurring the need for more regulatory oversight to ensure AML and BSA compliance; and Why new federal cybersecurity legislation will be a priority in 2016 in the wake of highly publicized bank breaches.Mix heads the financial services practice at Berkeley Research Group, where he advises domestic and international bank clients about corporate governance, risk management, strategic planning and financial advisory assignments. He formerly served as managing director of LECG LLC and The Secura Group, commissioner of the California Department of Financial Institutions and as an executive at Union Bank of California.