ABA on Cyber, Third-Party Risks
Institutions Seek Guidance in the Event of Vendor Breaches
Emerging cybersecurity risks across all lines of business are now banking institutions' No. 1 concern, says Heather Wyson-Constantine, senior director of payments and cybersecurity policy at the American Bankers Association. In particular, banks are concerned about their contractual protections in the wake of a third-party or vendor breach, she says.
And ensuring that vendors are performing adequate risk assessments of their own subcontracts is an ongoing worry, Wyson-Constantine notes during this interview with Information Security Media Group.
"I think the amount of vendors that the companies and banks have to have oversight over and due diligence for poses a formidable issue," she says. "There are so many vendors that they have to manage, and how far down do you go in order to ensure that they're complying with the contractual agreements that you set forth?"
To that end, more institutions are focusing attention and investment on compliance and risk assessment, Wyson-Constantine says.
"You have to constantly make sure that they're complying with new regulations that come out and that they're supporting your business to the best of their ability," she says.
In the past six months, the ABA has been asked by its member institutions to provide more support and guidance about how they can adequately manage cybersecurity with vendors. There's also been a lot of regulatory focus on cybersecurity and risk assessment, Wyson-Constantine says (see FFIEC Issues Cyber-Resilience Guidance).
During this exclusive interview, Wyson-Constantine discusses:
- Emerging and ever-changing regulatory guidance and requirements;
- Leveraging vendor relationships;
- How the ABA is helping smaller institutions have stronger voices when it comes to cybersecurity provided by core banking providers.
Wyson-Constantine played an instrumental role in building the ABA's Cyber and Information Security Working Group, which is facilitating information exchange within the financial sector. Because of her contribution, she was named by ISMG in January 2015 as one of the financial industry's most influential people. Wyson-Constantine also supports the ABA's Enterprise Risk Management Working Group and serves as a regulatory and law enforcement liaison. Since joining the ABA in 2011, she has been focused on building cybersecurity awareness, leaning on her more than 10 years with BITS, the technology policy division of The Financial Services Roundtable, where she oversaw fraud prevention.