Safety and Soundness: Cybersecurity and Payments Risk

November 29, 2017

Cybersecurity remains a key risk in the financial industry, and bankers continue to rate this as a top risk facing their firms. As cybersecurity threats are increasing, wire fraud is also increasing across the Tenth District. We want to take this opportunity to remind financial institutions of sound risk management practices and supervisory expectations regarding electronic funds transfers.

Strong policies and procedures for wires and electronic payments are essential to preventing unauthorized funds transfers. It is crucial that bank personnel are trained to consistently follow policies and procedures. Bank management should also ensure internal and external audits are conducted to review policies and procedures and to confirm that bank employees are routinely following these guidelines. Given that many wire frauds are conducted through social engineering, banks should provide social engineering training for all employees. This includes conducting social engineering testing of staff to ensure employees understand expectations.

Given the increase in wire fraud and the need to contact law enforcement agencies when fraud is suspected, bank management should identify the bank's local FBI and Secret Service agent contacts by visiting the corresponding websites (see below).

These contact names should be included in disaster recovery and incident response plans and should be regularly updated. Furthermore, in the event of an international wire fraud, bank management should be aware of Wire Fraud Kill Chain Procedures that may help a bank recover funds.

Additional resources include:

Cybersecurity of Interbank Messaging and Wholesale Payment Networks

The Cybersecurity Assessment Tool

The Cybersecurity Assessment Tool FAQ

If you have any questions or would like additional information, please contact your designated Reserve Bank Central Point of Contact at (800) 333-1010.