Magazine article American Banker

Banks Fail to Enforce Cybersecurity Standards on Third-Party Providers: FDIC Watchdog

Magazine article American Banker

Banks Fail to Enforce Cybersecurity Standards on Third-Party Providers: FDIC Watchdog

Article excerpt

Byline: Lalita Clozel

WASHINGTON -- Banks are woefully unprepared to face potential cybersecurity threats stemming from third-party technology providers, according to a report issued Wednesday by the Federal Deposit Insurance Corp.'s independent watchdog.

The FDIC's Office of Inspector General found that financial institutions failed to include important cybersecurity provisions in their contracts with the third-party firms.

"Typically," financial institution contracts with technology service providers "did not clearly address TSP responsibilities and lacked specific contract provisions to protect FI interests or preserve FI rights," the report said.

"As a result," the report said, the contracts "provided FIs with limited information and assurance that" the providers would either recover and resume operations in the event of a disruption; or contain, control and report incidents appropriately.

The watchdog's findings were based on a review of 48 contracts between financial institutions and their providers. They involved a total 19 financial institutions chosen through a nonstatistical sampling process, including 15 with assets of $250 million or more. However, the watchdog said, it did not contact financial institutions or the technology providers.

The watchdog found that only eight of the 19 institutions reviewed had completed both a risk assessment and a review of their contract to determine what risks their association with the technology provider might involve.

Nearly half of the contracts, meanwhile, did not require the technology service provider to have a "business continuity plan," or be prepared to quickly resume critical operations if an incident halts them. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.