Stephen Scharf, Managing Director and Chief Security Officer, DTCC
Earlier this year, the CEOs of eight banks – Bank of America, BNY Mellon, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street and Wells Fargo – came together to further identify ways to enhance the safety and soundness of the critical infrastructure underpinning much of the U.S. financial system. The collaboration produced the Financial Services Analysis and Resiliency Center (FSARC), a new, not-for-profit organization dedicated to identifying, analyzing, assessing and coordinating activities to mitigate the threats and risks of cyber attacks.
FSARC, which falls under the auspices of The Financial Services Information Sharing and Analysis Center (FS-ISAC), is open to entities that have been classified as critical infrastructure in the Financial Services Sector by both DHS and Treasury. FSARC members will work collaboratively with their industry partners and the U.S. Government to address one of the top challenges confronting the sector. The FSARC is affiliated with FS-ISAC and complements the mission of FS-ISAC, which supports improved intelligence for the entire financial sector.
“We know from experience that sharing cyber threat intelligence is one of the most effective strategies to defend against attack,” said Stephen Scharf, Managing Director and Chief Security Officer, DTCC. “This lesson has been reinforced time and again and is now considered an industry best practice.”
Cyber Attacks a Top Concern
While all industries face the growing threat of cyber attack, the issue is particularly acute for the financial industry due to the interconnected nature of global markets and its ability to impact the broader economy.
According to DTCC’s most recent Systemic Risk Barometer, which measures and tracks risk trends among financial institutions globally, cyber risk is the top overall risk, with 22% of respondents citing it as the single biggest threat to the financial services industry. More than half of respondents (56%) rated it a “Top Five” concern. The data is consistent with other findings, including a report this year by Verizon, which found that the financial industry experienced nearly 1,400 cyber breaches in in 2015 against the – or nearly four incidents per day.
Policymakers Take Action
Banks continue to intensify efforts to protect themselves against cyber attacks. The creation of the FSARC is the latest step in the financial industry's ongoing commitment to maintaining the integrity of the U.S. financial system through tactics that prevent, detect, and mitigate malicious cyber activity. Complementing established relationships that strengthen partnerships across the private and public sector, such as the Financial Services Sector Coordinating Council (FSSCC), the FSARC is a long-term strategic initiative that performs deep analyses of systemic cyber risk across financial products and practices.
The FSARC leverages the expertise of participating banks' information/cyber-security teams with that of its government partners, including the U.S. Department of Treasury, the U.S. Department of Homeland Security and the U.S. Federal Bureau of Investigation. As a result, the collective pipeline of intelligence identified through established organizations like the FS-ISAC will help deepen the analysis being done on identified threats and mitigate systemic risk across critical financial operations.