Cyber security
WHAT IS THIS? The aim of cyber security is to protect computer systems from disruption or misdirection of the services they provide. Regulators have stated banks and other financial institutions should be able to return to normal operation no more than two hours after suffering a cyber attack.
Op risk data: WhatsApp fines keep on coming
Also: ‘Five families’ stock-lending cartel pays up; double hit for Wells Fargo. Data by ORX News

Vendors under new scrutiny in CFTC due diligence push
Planned cyber resilience regime will force dealers to subject “critical” tech vendors to stricter audit

Banks call for direct oversight of cloud providers by US regulators
Tri-opoly of cloud vendors “poses systemic risk” to financial sector, say risk managers

Approaching menace: how financial firms are tackling emerging risks
Exploring the changing shape of emerging risks and how integrated risk management is helping companies to meet the challenges head-on
Sizing cyber: banks split on who owns and measures hack threats
Op Risk Benchmarking: G-Sibs split on risk modelling and management for IT disruption and infosec
Op Risk Benchmarking: Inside the G-Sibs
New initiative scrutinises op risk measurement and management practices at the world’s largest banks
Citi cyber chief says AI providing new weapons in hacking wars
Barron-DiCamillo also urges regulators to work with industry best practice, not against it
Futures industry must hone comms after Ion hack
Operational resilience hinges on maintaining communication channels in a cyber outage
Dora ‘critical tech vendor’ designation could cast a wide net
Experts think cloud services, data providers and software firms are all in regulators’ sights
FMIs pose greatest challenge for operational resilience tests
Risk Live: Calls for large-scale industry exercises to plan what happens if major CCPs go down
Compliance can help fintechs grow from adolescence to adulthood
It may slow US banking down, but customer safety is the difference between success and failure
Fed preps new white paper on cyber incident reporting
New proposals due on data capture after Fed dumps bid to use DFAST submissions
After a hack, loose lips won’t sink chips
Ion Group is the latest ransomware victim to stay mum about how it was compromised. No-one benefits from this code of silence
SEC cyber rules risk creating web of confusion and costs
Proposals would require breach notifications, public disclosures and annual cyber assessments
Ion wasn’t deemed a ‘critical’ vendor by most clients
Software firm escaped heavy scrutiny ahead of cyber attack, says US Treasury official
Hacked off: banks demand answers after Ion cyber attack
Clients left in the dark about ransomware attack that disrupted futures trading last month
CFTC chair gloomy over crypto legislation prospects
FIA Boca 2023: Behnam also asks Congress to grant more powers to regulate third-party tech providers
Ice exec rejects cloud for critical infrastructure
FIA Boca 2023: SVP Bland “can’t imagine” outsourcing critical infrastructure; DRW’s Wilson warns of concentration risk
Top 10 operational risks: Focus on third-party risk
Ion hack deals industry painful reminder on drawbacks of outsourcing
Top 10 operational risks: Focus on cyber risk
All firms fear data breach; smaller banks also concerned over IT disruption
One-fifth of CME clearing members hit by Ion hack
Advisory committee heard CFTC believed it could “play a more direct role” in cyber security practices
Top 10 operational risks for 2023
The biggest op risks for the year ahead, as chosen by senior industry practitioners
Top 10 op risks 2023: regulatory risk jumps sharply
Cyber and third-party risks also rise, along with concerns around data management and execution errors
Regulated UK crypto firms fear authorisation Groundhog Day
Industry wants grandfathering in new Treasury framework to avoid business continuity risk