U.S. banks are facing a growing threat from cyber attackers and making defense against them more complex by relying on third-party firms for support, according to a report released Thursday by Joseph Otting, the Trump administration appointee who took over a key banking regulator in November.
More sophisticated hackers are finding “back doors into client businesses’” through firms they do business with, the Office of the Comptroller of the Currency said in its Semiannual Risk Perspective. Attackers are stealing customer information and intellectual property, and are misappropriating funds, the national bank regulator said in the report.
“Cyber risk is the one that I think keeps executives and regulators up at night,” said Otting, who was chief executive officer of OneWest Bank when Treasury Secretary Steven Mnuchin was its chairman. The threat “requires constant vigilance,” and the OCC has been reviewing banks’ ability to respond to emergencies, he told reporters on a conference call.
Other developments noted since the last report included an ongoing slide in loan underwriting standards in the face of aggressive competition and increasing concentrations of commercial real estate. Some banks need stronger management of that concentration, the OCC said. And in the wake of Wells Fargo & Co.’s scandals over handling of customer accounts, the agency also noted that “weaknesses in the governance of product sales, delivery, and service result in elevated levels of operational risk for some banks.”