The Treasury Department says it is aiming to step up its oversight of banks’ cyber resiliency efforts in fiscal year 2018 as part of its supervising priorities.
The department’s Office of the Comptroller of the Currency (OCC) report, which dictates policy objectives for the next fiscal year, calls on supervisors to assess cyber risks for mid-size banks’ operations and determine the resiliency of systems installed by banking sector service providers.
Supervisors for mid-size and community banks are directed to oversee the assessment of information security, data protection and potential cyber risks associated with third-party service providers.
The Treasury Department will also deploy cyber supervisors to examine systems development life cycle, user access rights and system resiliency for midsize and community banks. Bank supervisors must also evaluate mitigation plans for cyber operational risks.
One of the top priorities for Treasury Department supervisors in fiscal year 2018 is assessing the cyber security risk management of the banking sector’s largest service providers, according to the report.
Supervisors must complete the Federal Financial Institutions Examination Council’s Technology Service Provider Cybersecurity Assessment Tool as part of the resiliency examination process.
The OCC also directs supervisors to conduct reviews of service providers’ increased use of cloud computing for critical services, advances in skimming technology, relevant delays in the implementing chip technology and acknowledgement of recent cyber threats to bank systems.
The eight-page supervision operating plan was released on Sept. 29.