BID® Daily Newsletter
Nov 23, 2021

BID® Daily Newsletter

Nov 23, 2021

A Look Back In 2021 - Regulations & Cyber Risk (Part 1)

Summary: This year has certainly been a year of change. Today we look back on how some fundamental changes to the regulatory and cybersecurity landscape have affected community financial institutions. It’s been a year of renewed focus on compliance and risk, the LIBOR transition, and increasing threats from cybercriminals.

Many people assume chameleons only change color to blend in with their environment. But, with 171 different species found around the world, there are many other reasons why they change color. Sometimes it’s to reflect changes in their mood or to adapt to changes in temperature, light, or humidity in their surroundings.
Just like the chameleon, the financial services industry also has to constantly adapt to micro and macro changes in its environment. Here we review several key regulatory and cybersecurity 2021 events.
More regulation
This year has been a bumper year for regulatory change. We’ve not only seen a change in politics with the entrance of the Biden administration and a Democratic-controlled Congress, but the continued impact of COVID, constant change in tech innovation, the evolving cryptocurrency space, and growing concerns about climate change.
1. More anti-money laundering. One of the most significant regulatory changes affecting CFIs this year has been the enactment of the AML Act 2020 (AMLA) in January 2021. It is seen as one of the most significant AML regulatory changes in many years, with its comprehensive list of tasks to appropriately modernize the Bank Secrecy Act (BSA). Two key tasks on this list are “new and expansive requirements for disclosure of corporate beneficial ownership, which the Financial Crimes Enforcement Network (FinCEN) is now actively working to implement” and the “development of regulatory solutions with a greater focus on emerging technologies.” It is important to be up-to-speed on the elements of AMLA, as your institution takes on new technologies or considers cryptocurrencies.
2. Financial crime enforcement. To beef up the fight against money laundering and terrorist financing, the Financial Crimes Enforcement Network (FinCEN) released its first set of governmentwide priorities at the end of June. FinCEN has identified eight priorities to help organizations focus their compliance resources appropriately. These include tackling corruption, cybercrime, international and domestic terrorist financing, fraud, transnational organized crime, proliferation financing, drug trafficking and human trafficking, and smuggling. CFIs that aren’t already informed on this should review and update their risk management and AML procedures in line with the new governmentwide priorities.
3. LIBOR’s transition. The move away from the London Interbank Offered Rate (LIBOR) has continued to be a hot topic throughout 2021. This is unsurprising, given that the first of the key LIBOR transition deadlines is fast approaching. LIBOR will not be used on any new transactions after December 31, 2021. That said, existing LIBOR deals will still be in play for another 18 months. Financial regulators are urging institutions of all sizes to choose their replacement benchmark — and put their transition plans in place as soon as possible, if they haven’t already.
4. Tackling climate change. In September, the US Securities and Exchange Commission announced it would propose a rule to require climate-related disclosures in public filings. Expected before the end of the year, this much-debated new rule highlights the SEC’s continued focus on environmental, social, and governance (ESG) matters. Although the impact on CFIs is still unclear, it would be prudent to stay on top of these developments. The federal banking regulators, led by the Office of the Comptroller of the Currency, are also working on guidance related to climate change, so CFIs should be on the lookout for such guidance in 2022.
Major focus on cyber risk

1. Cybercrime keeps increasing. Cybercrime continues to be a growing security and financial threat to all institutions, with cybercriminals continuously finding new ways to exploit technology and commit fraud. Unfortunately, the banking sector’s rapid digital transformation has increased these risks.  The number of data breaches reported between Q1 and Q3 2021 already exceeded the total for 2020 by 17%.
While all forms of cybercrime pose a risk to CFIs, ransomware attacks are still the biggest source of cyberattacks within financial services. The statistics show that the banking industry experienced a gigantic 1,318% increase in ransomware attacks alone between January and June 2021, compared to the same period last year.
2. The government’s role. The government has made several moves this year to tackle this pressing issue, including:
  • The Department of Justice’s new task force to deal with cyberattacks and digital extortion schemes.
  • President Biden’s executive order in May to enable the sharing of information related to cybercrime, make improvements to the federal government’s own cybersecurity, and increase security across the software supply chain.
  • The Treasury department’s recent announcement about new ways in which it is fighting cybercriminals, such as updating its ransomware guidance and imposing sanctions on SUEX the cryptocurrency exchange.
  • Working more closely with other governments to fight cybercrime on a global scale.
It’s clear that the size, sophistication, and impact of cyberattacks are going to continue to increase. CFIs need to review best practices, secure their infrastructure, and integrate cyber risk management into their decision-making. Being as prepared as possible is the best defense.
Many of the issues that dominated this year are likely to continue to present significant challenges over the medium term. That said, many learnings can be gleaned from this year that can prepare us all for the year ahead. 
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Protecting Your Website Domain from Common Cyberattacks
Attacks on Domain Name Systems are rampant and can result in major problems. A compromised domain name can cause myriad headaches for both the company and its customers.
FDIC Aims To Change the Definition of Deposit Broker
The FDIC is proposing a rule that would change the definition of “deposit broker” and expand the types of exceptions allowed. We outline how the proposed rule could significantly impact banking operations.