Fed official: banks must recover from cyber attack in two hours
“If you’re waiting for us to give you regulation, you’re behind the curve,” says Fed’s Ferlazzo
Financial institutions should be capable of a two-hour return to operations (RTO) following a cyber attack, a senior banking supervisor said on Tuesday (June 20).
The two-hour RTO was contained in an advanced notice of proposed rulemaking issued in November 2016 by the Fed and two other US prudential regulators – the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation.
Regulators are still considering whether to impose the two-hour RTO despite criticisms
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Operational risk
Power play: how geopolitics is shaping op risk at G-Sibs
Op Risk Benchmarking: Geopolitics is a top five fear for G-Sibs, but most banks lack specialist risk staff and classical tools
Automating regulatory compliance and reporting
Flaws in the regulation of the banking sector have been addressed initially by Basel III, implemented last year. Financial institutions can comply with capital and liquidity requirements in a natively integrated yet modular environment by utilising…
No tick-the-box approach to compliance risks
Op Risk Benchmarking: G-Sibs share fear of regulatory run-ins, but lack common stance on modelling, KRIs and more
Bread-and-butter op risks at the top table
Op Risk Benchmarking: As G-Sibs are forced to do more, how can they avoid doing more wrong?
Op Risk Benchmarking: Inside the G-Sibs
New initiative scrutinises op risk measurement and management practices at the world’s largest banks
Sizing cyber: banks split on who owns and measures hack threats
Op Risk Benchmarking: G-Sibs split on risk modelling and management for IT disruption and infosec
Banks frequently breach appetite for top op risks
Op Risk Benchmarking: Five G-Sibs breached appetite in past year across four risk types, new research reveals
Investment banks: the future of risk control
This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control
