“Comptroller of the Currency Thomas Curry said his agency is increasingly concerned about the cybersecurity risks from banks relying too much on certain vendors and using service providers in foreign countries.
“Banks can end up becoming dependent on certain vendors because of consolidation in the service provider industry, Curry said in his prepared remarks for the Consumer Electronics Show’s Government Summit in Washington. They can also be exposed to risks when they assign critical functions to outside vendors, including those that use foreign-based subcontractors.
“Banks need to consider the legal and regulatory implications of where their data is stored or transmitted, and make a determination as to whether geographic limitations are needed in their contracts,” Curry said. “Finally — and perhaps most importantly — we are concerned about the access third parties have to large amounts of sensitive bank or customer data.”
“His comments shine new light on the Office of the Comptroller of the Currency’s thinking about two areas where it has devoted heightened attention recently: vendor risk and cybersecurity.”
Read full American Banker article here.