(Adds details from second hearing on cybersecurity, background)
By Sarah N. Lynch and Aruna Viswanatha
WASHINGTON Dec 10 U.S. regulators on Wednesday
said they were stepping up efforts to examine financial
institutions' defenses to ward off cyber attacks, as a top FBI
official warned of new "increasingly complex" threats to the
financial sector.
The top U.S. derivatives regulator said before a Senate
panel that his agency, the Commodity Futures Trading Commission,
will focus on cybersecurity as it conducts compliance exams for
exchanges and clearinghouses to make sure they are protecting
themselves from cyber attacks.
Meanwhile, the New York Department of Financial Services
issued new guidelines to banks it regulates detailing how their
cyber security efforts will be examined.
The increased scrutiny comes several months after the
largest U.S. bank, JPMorgan Chase & Co, disclosed a
major hack that exposed personal information of 83 million
households, and other financial institutions may also have been
affected.
"Today's cyber actors, from nation states to criminal groups
and individuals, find themselves virtually unrestrained by time,
distance, and physical location," FBI assistant director Joseph
Demarest said at a hearing before the Senate Banking Committee
on cybersecurity.
Demarest said the FBI had provided 36 classified threat
briefings about certain attacks to financial institutions and
government agencies between March 2013 and July 2014, and
classified threat briefings in March, April and July 2014 to 145
financial institutions.
CFTC chairman Timothy Massad said before the Senate
Agriculture Committee his agency would also focus on the issue.
""The risk is apparent."
Massad warned, however, that his agency is strapped for cash
and cannot do the comprehensive review he would prefer.
"Some of our major financial institutions are reportedly
spending more on cybersecurity each year than our agency's
entire budget," he said.
The Office of the Comptroller of the Currency has included
cybersecurity in its bank exams, and the Securities and Exchange
Commission released a blueprint earlier this year outlining
plans to undertake similar exams.
The New York regulator said his department was interested in
the amount of resources devoted to information security, risks
posed by shared infrastructure, management of third-party
service providers and other factors.
Senator Elizabeth Warren, a Democrat from Massachusetts,
also urged regulators at the banking hearing to focus on the
risks to financial institutions posed by third parties.
"When we talk about cyber attacks on our financial
institutions, we should remember its not just the institutions
themselves who are at risk, there is a whole chain of
organizations," she said.
(Reporting by Sarah N. Lynch and Aruna Viswanatha; Editing by
Meredith Mazzilli)