In light of the increasingly heightened cybersecurity risk environment facing the financial services industry and other critical business sectors, on January 16, 2020, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation issued a Joint Statement on Heightened Cybersecurity Risk (the Joint Statement) to remind supervised financial institutions to implement effective response, resilience, authentication, and system configuration controls that mitigate the risk of successful cyberattacks.

The Joint Statement follows the Department of Homeland Security announcement of heightened risk of cyberattacks hostile to U.S. interests due to increased geopolitical tension and the release of a report by staff of the Federal Reserve Bank of New York warning that a major cybersecurity attack could paralyze the entire U.S. financial system.

The Joint Statement emphasizes that financial institutions of all sizes should be prepared for a worst-case scenario and should have effective business continuity processes for rapid recovery, resumption, and maintenance of operations. According to the Joint Statement, institutions should implement and maintain effective cybersecurity controls protecting financial institutions from malicious activity, especially during this period of heightened risk.

The Joint Statement highlights cybersecurity risk principles previously articulated by the federal banking, consumer and credit union supervisors—including business resilience, authentication, system configuration, security tools, data protection, and employee training—and points out that applying existing cybersecurity risk management principles and risk mitigation techniques reduces the disruption and destruction caused by successful cyberattacks.