OCC BULLETIN 2016-18
Subject: Cybersecurity of Interbank Messaging and Wholesale Payment Networks
Date: June 7, 2016
To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, and Federal Savings Associations; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties
Description: FFIEC Statement
The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members,1 today issued the attached statement, in light of recent cyber attacks, to remind financial institutions of the need to actively manage the risks associated with interbank messaging and wholesale payment networks. Financial institutions should review their risk management practices and controls over information technology (IT) and wholesale payment systems networks, including authentication, authorization, fraud detection, and response management systems and processes. The statement emphasizes that participants in interbank messaging and wholesale payment networks should conduct ongoing assessments of their ability to mitigate risks related to information security, business continuity, and third-party provider management.
In accordance with existing regulatory expectations and FFIEC guidance, national banks and federal savings associations should take appropriate risk mitigation steps, including
Please contact the Operational Risk Division at (202) 649-6550.
Bethany A. Dugan
1 The FFIEC comprises the principals of the following: The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, and State Liaison Committee.