GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Blazing tech trails for commerce

Ann Train


Industry Update

Fed, FDIC, OCC toughen up on FI cybersecurity

U.S. Supreme Court to rule on credit card surcharging

ATM industry shifts EMV into high gear

Retailers pin hopes on early holiday shoppers


Fewer Americans unbanked;more using prepaid cards

Patti Murphy
ProScribes Inc.

What Is Money20/20? - Part One

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:
Be bold, be innovative, be different

John Tucker
1st Capital Loans LLC

Payment trends to watch in 2017

Oren Levy
Zooz Inc.

Which merchants fit you best?

Jeff Fortney
Clearent LLC

Pot shop processing remains risky business

Theodore F. Monroe
Attorney at Law

Company Profile

Residual Sheriff LLC.


Nancy Drexler

New Products

End-to-end, omnichannel payment platform

Worldpay Total
Worldpay US Inc.

Ready-to-deploy infrastructure for payfacs

Network Merchants Inc.


Telephone prospecting: How good are you?


Letter From the Editors

Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

November 14, 2016  •  Issue 16:11:01

previous next

Fed, FDIC, OCC toughen up on FI cybersecurity

The Federal Deposit Insurance Corp., Federal Reserve and Office of the Comptroller of the Currency co-authored a new set of guidelines designed to protect critical banking infrastructure. Escalating cyberattacks combined with increasing dependence on connected technologies have raised threat levels across the banking sector, the agencies stated.

Their recommendations, published Oct. 19, 2016, are detailed in Enhanced Cyber Risk Management Standards, an advance notice of proposed rulemaking (ANPR) that addresses cyber risk, internal dependency and external dependency management, as well as incident response, cyber resilience and situational awareness.

The ANPR recommends a tiered approach to implementing the new security guidelines, directing its strictest policies to large financial institutions with total consolidated assets of $50 billion or more.

"A cyber-attack or disruption at one or more of these entities could have a significant impact on the safety and soundness of the entity, other financial entities and the U.S. financial sector," the authors wrote. "The agencies are considering applying the enhanced standards to these entities on an enterprise-wide basis because cyber risks in one part of an organization could expose other parts of the organization to harm."

New threat landscape

Increasing reliance on connected technologies in commercial and private sectors has raised threat levels across depository institutions, particularly the seven largest and most complex financial institutions, according to recent reports.

"As technology dependence in the financial sector continues to grow, so do opportunities for high-impact technology failures and cyber-attacks," the ANPR authors wrote. "Due to the interconnectedness of the U.S. financial system, a cyber incident or failure at one interconnected entity may not only impact the safety and soundness of the entity, but also other financial entities with potentially systemic consequences."

The authors additionally noted the expanded role of third-party service providers in financial services. "Third parties that provide payments processing, core banking, and other financial technology services to these participants in the financial sector also provide services that are vital to the financial sector," they wrote. They also recommended that third-party service providers and nonbank financial companies be held to the same rigorous standards and scrutiny as the financial institutions they serve.

Enhancing existing rules

The three-party cybersecurity initiative is designed to enhance existing regulatory guidance and oversight, of which there is no shortage in the financial services sector. The ANPR cites the following government agencies and guidelines tasked with protecting U.S. banking infrastructure:

Public comments welcome

Enhanced Cyber Risk Management Standards is available for public review and commentary until Jan. 17, 2017. The agencies are considering a variety of approaches, from policy statements to detailed regulations, to beef up existing regulatory and compliance frameworks.

The authors are encouraging the public to respond to the proposal during the open review period. They plan to publish pertinent feedback in a broader, more detailed report, followed by a second round of public review and consideration prior to a final ruling.

For a copy of the ANPR and detailed instructions for submitting commentary, visit

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios