A resolution of a financial institution failure driven by a cybersecurity “incident” would present unique operational, confidence and other challenges that regulators are not necessarily equipped to handle, the head of the federal insurer of bank deposits indicated Monday.
In a speech to the Cross Border Resolution & Regulation Colloquium of the Institute of International Finance (IFF)-Bank Policy Institute (BPI) in London, Federal Deposit Insurance Corp. (FDIC) Chairman Jelena McWilliams said her agency’s “resolution toolkit” is well-suited to handle financial impairments, “but might not be as useful when dealing with the underlying operational issues that a cyber incident might cause,” she said. “Work in this area is critical and ongoing.”
McWilliams told the group that the FDIC is assessing challenges presented by cybersecurity incidents, including:
- potential abruptness of a disruption, and resulting compression of ordinary recovery and resolution planning timelines;
- uncertainties regarding the severity of impact, and prospects and timing for restoration of systems or data after a cyber incident;
- reliability and accessibility of information ordinarily relied upon to conduct a resolution.
“A resolution driven by a cyber incident likely would be distinct from the historical experience of the FDIC in resolving banks in a number of ways,” McWilliams said, “and would present unique operational, market confidence, and other challenges that we are considering currently.”