Cybersecurity Threats - What is the Regulatory Impact?

As cybersecurity threats continue to increase, your bank’s regulatory risk grows as well. By moving IT from the back room to the boardroom, regulators are recognizing the impact that technology has on the overall safety and soundness of a financial institution. If a cyber breach or event occurs, it will prompt additional regulatory attention. Furthermore, regulators continue to consider ways to factor a bank’s IT rating into the CAMELS management rating given the detrimental impact cyber events have on an organization.

Cybersecurity breaches and technology risk management weaknesses can result in more frequent regulatory supervision, and your bank may also be placed under an enforcement action. Increased regulatory visits and examinations require significant internal resources, and the attention required to manage regulatory risks takes management’s focus away from its primary objective of meeting the needs of customers and enhancing shareholder value. If an enforcement action is placed on your organization, it will likely impact your ability to execute strategic decisions such as mergers, acquisitions or other key initiatives.

In addition, a more comprehensive approach is being taken by regulators when assessing a bank’s IT program. Regulators are not reviewing the bank’s IT rating in isolation. The IT rating is receiving more consideration in assessing how effectively management and the board are protecting the organization from overall risk.

A well-developed strategic plan for managing technology risk that is successfully executed throughout the organization will not only keep your bank and customers safe, but it will also ensure you are maintaining strong regulatory relationships that will support your ability to execute your strategic initiatives.

For more information, contact BankOnIT at 800-498-8877, option 2, or at

About the author: Sara Nielsen is senior vice president at BankOnIT. Sara has served on the management team for a multibillion-dollar asset-sized bank, and prior to joining BankOnIT, she worked over 13 years for the Federal Reserve Bank of Kansas City as a manager in the financial institution Examinations and Inspections Department with responsibility for overseeing the Reserve Bank’s Information Technology Examination Program.

Sara is an information technology regulatory expert who has spoken at numerous conferences and events. Her regulatory experience allows her to provide industry education on technology changes, cyber threats and their impact on banks and banking regulation.