Boston Fed Takes On Cyber Risks, FinTech Competition

Federal Reserve Bank of Boston President Eric Rosengren delivered a speech yesterday (April 4) at the bank’s 2016 Cybersecurity Conference highlighting the economic and cyber risks financial institutions are facing today.

In his remarks, Rosengren noted that while many of the economic concerns from earlier in the year seem to be receding, the threats from the cyber environment are continuing to grow. To help combat these risks, he emphasized that banking organizations must continue to keep pace with the evolution of these risks and evolve as “new innovations and expectations of convenience introduce new challenges to security.”

In the past, the threat of fraud or criminal activity in banks was primarily a localized problem, but with the onset of online and mobile banking services, banking organizations must now be prepared from a global population of potential attackers, he told the crowd.

“Cybercriminals are looking for the targets of opportunity without regard to geographic location, and the existence of a global population of potential attackers looking for softer targets means increased risks,” Rosengren stated. “Without appropriate controls and defenses, the banking system could be at greater risk of a large loss – but fortunately, institutions of all sizes have been expending significant resources very strategically in this area, and bank supervisory examiners have been verifying that controls are in place.”

But when it comes to the many FinTechs entering the market, Rosengren expressed his concerns that these entities, which are not burdened by regulatory oversight or brick-and-mortar operations, do not fully understand the implications and risks of economic downturns for their lending model.

“Customers are looking for convenience; so, not surprisingly, new applications and devices continue to evolve in new and unexpected ways. However, this rapid evolution generates risks,” Rosengren said.

He pointed out that the proliferation of apps and services that focus primarily on providing convenience to the customer tend to lack a strong focus on the security needed as well. In many cases, the consumer can actually be an entry point cybercriminals seek to exploit rather than the financial institution itself.

“I mention FinTech because clearly banks must continue to evolve with and invest in these financial services innovations, and therefore should be attuned to the cyber risks that come with online and mobile delivery,” he added.