US promotes new cybersecurity standards for financial industry

Wall Street banks and other financial companies in the United States should follow new cybersecurity standards agreed upon by world leaders, the government said Tuesday.

The Federal Reserve and Treasury Department announced their support of the guidelines, which are targeted at directors of companies and senior officials in relevant agencies.

{mosads}The standards, set forth by the Group of Seven industrial nations, are the latest response by policymakers around the world to the growing threat of cyberattacks on the financial system.

The G7 countries published the nonbinding guidelines in a three-page document. The G7 members are the United States, Britain, Canada, France, Germany, Italy, and Japan.

The standards are laid out in a way that allows a board member of a bank, for example, to pick up the document and make sense of how to apply the guidelines, a Treasury official said.

Coordinating around the globe.

Sarah Bloom Raskin, Treasury deputy secretary, stressed the importance of working together to protect the financial industry, calling the agreement a “singular and historic accomplishment.”

She called on top managements of banks and other financial companies, as well as key officials within government agencies that oversee the industry, to take heed of the standards.

“I encourage private and public sector leaders alike” to use the guidelines, Raskin said.

Stanley Fischer, Federal Reserve vice chairman, emphasized cooperation between countries.

“The international financial architecture is only as strong as its weakest link and that is why the United States should work with our partners around the world,” he said. “These elements are a crucial step in further hardening each link in the chain of our global financial system.”

Defending against cyberattacks.

The cybersecurity guidelines, which are not legally enforceable, are made up of eight elements that financial companies and government agencies are able to tailor to their specific needs.

“The elements serve as the building blocks upon which an entity can design and implement its cybersecurity strategy and operating framework,” the document published Tuesday said.

Establishing a cybersecurity strategy, designating personnel responsibilities, identifying risks, and sharing information with authorities are among the key action items in the standards.

The financial sector has been facing increasingly sophisticated cyberattacks in recent years, including several hacks of SWIFT, the global financial messaging system. The government has also been dealing with cyberattacks, including a major one earlier this year when $81 million was stolen from an account with the Federal Reserve Bank of New York.

Taking steps in the industry.

Before the guidelines Tuesday, the financial industry had already been working with regulators, and banks and other financial companies have stepped up their own cybersecurity efforts.

Doug Johnson of the American Bankers Association said the industry expected the standards, adding that companies will find them useful in preparing for tougher cybersecurity rules.

“None of the elements in the guidelines are surprising,” Johnson, who heads cybersecurity policy for the trade group, told The Hill Extra. “We have been working with the agencies. The guidelines will be helpful, as they set forth the highest level expectations for the industry.”

Tom Price of the Securities Industry and Financial Markets Association, whose members include large banks and brokers, said the trade group welcomed the cybersecurity guidelines.

“SIFMA commends the initiative taken by the G7 to improve global coordination and consistency in the fundamental elements governing cybersecurity in the financial sector,” Price, managing director of operations for the trade group, said in an emailed statement to The Hill Extra.

See more exclusive content policy and regulatory news on our subscription-only service, The Hill Extra.