Top Story Technology Related

FRBservices.org's July 15 FED360° newsletter includes an article, "Gone phishing—Tips to help protect your organization from phishing attempts." Phishing is used by threat actors in attempts to acquire sensitive information using a fraudulent solicitation, via email or on a website (or through text messages) in which the fraudster poses as a legitimate business or reputable person. The article offers tips to help protect banks and other organizations from phishing attempts:

• Educate your staff on what phishing is, how to spot it and how/where to report it when it occurs.
• Consider having occasional "testing" phishing exercises.
• Have clear and well documented policies on how to manage phishing attempts to ensure staff respond appropriately
• When possible, use technology to aid in the identification of phishing emails though the classification of internal versus external email sources
• Add warning messages to the header of all incoming emails from external senders, alerting employees to review external messages with extra care
• Maintain contemporary anti-virus and anti-malware scanning software to offer additional protections in the event staff inadvertently click on suspicious links embedded in the body of an email
• Stay on top of the evolving phishing tactics by consulting with your information security staff to monitor trends and adjust internal policies and procedures accordingly
• Restrict or remove email and web browsing on systems routinely used for payments processing

The Federal Reserve's FedPayments Improvement Task Force has released Synthetic Identity Fraud in the U.S. Payment System—A Review of Causes and Contributing Factors, a white paper on the growing problem of synthetic identity fraud in the U.S. payment system. The paper is a compilation of insights from Federal Reserve and industry subject matter experts. It’s intended to be a resource for industry professionals on the current state of synthetic identity fraud, including the scope of the issue, causes, contributing factors and its impact on the payments industry.

The FTC and its law enforcement partners have announced a major crackdown on illegal robocalls, including 94 actions targeting operations around the country that are responsible for more than one billion calls pitching a variety of products and services including credit card interest rate reduction services, money-making opportunities, and medical alert systems. The joint crackdown, “Operation Call it Quits,” is part of the Commission’s ongoing effort to help stem the tide of universally loathed pre-recorded telemarketing calls. It also includes new information to help educate consumers about illegal robocalls. In addition, the FTC continues to promote the development of technology-based solutions to block robocalls and combat caller ID spoofing.

In testimony before the House Task Force on Financial Technology of the Committee on Financial Services, the FDIC submitted a statement for the record entitled "Overseeing the Fintech Revolution: Domestic and International Perspectives on Fintech Regulation," which discussed using technology to meet consumers' needs and improving the supervisory process, technology and the business of banking, the FDIC’s role in fostering innovation, and the FDIC tech lab. It concluded by saying that often regulatory agencies play "catch up" with technological advancements and their impact on regulated entities and consumers. The FDIC's goal is to reverse that trend through increased collaboration and partnership with the industry. Working together, the FDIC can help increase the velocity of transformation, while ensuring that banks continue to operate in a safe and sound manner and consumers remain protected.

OCC Bulletin 2019-29, issued Friday, announces that the OCC is moving to electronic fingerprinting to facilitate background checks performed in connection with applications and notices submitted to the OCC, including applications for charters, notices of acquisition of control, and notices to replace board members or senior management in certain institutions. The OCC will begin using the new process in July 2019.

In coordination with these changes, the OCC has issued revisions to the “Background Investigations” and “Changes in Directors and Senior Executive Officers” booklets of the Comptroller’s Licensing Manual to incorporate updated procedures and requirements for electronic fingerprinting.

At the conclusion of the E.U.-U.S. Ministerial Meeting on Justice and Home Affairs in Bucharest, Romania, a joint statement was issued regarding E.U.-U.S. cooperation in addressing common security threats. E.U. and U.S. representatives affirmed that fighting terrorism is among their top priorities and committed to enhance their joint efforts, including by expanding the sharing of information gathered in zones of combat for use in investigations and prosecutions. The E.U. and the U.S. also discussed the priority area of security in cyberspace. Participants committed to further joint efforts to maintain a safe, open, and secure cyberspace, and exchanged views on how to best address growing cyber threats.

Two compliance and operational risk workshops will be hosted by the OCC at its Boston Field Office, on July 30 and 31, for directors of national community banks and federal savings associations it supervises.

• The Compliance Risk workshop on July 30 focuses on the critical elements of an effective compliance risk management program and on major compliance risks and critical regulations. Topics of discussion include the Bank Secrecy Act, Flood Disaster Protection Act, Fair Lending, Home Mortgage Disclosure Act, Community Reinvestment Act, and other compliance hot topics.
• The Operational Risk workshop on July 31 focuses on the key components of operational risk—people, processes, and systems. The workshop also covers governance, third-party risk, vendor management, internal fraud, and cybersecurity.

In remarks at the CATO Summit on Financial Regulation: “If You Build It, They Will Come” in Washington, D.C., FDIC Chairman McWilliams discussed:

• The regulatory framework and innovation
• Benefits of innovation
• Benefits of banking
• The FDIC and innovation
• Small-dollar lending
• Reducing regulatory burden
• De novo banks

The Federal Communications Commission has approved a Declaratory Ruling to affirm that voice service providers may, as the default, block unwanted calls based on reasonable call analytics, as long as their customers are informed and have the opportunity to opt out of the blocking. This action empowers providers to protect their customers from unwanted robocalls before those calls even reach the customers’ phones. The ruling also clarifies that providers may offer their customers the choice to opt-in to tools that block calls from any number that does not appear on a customer’s contact list or other “white lists.”

The Commission also adopted a Notice of Proposed Rulemaking that proposes requiring voice service providers to implement the SHAKEN/STIR caller ID authentication framework, if major voice service providers fail to do so by the end of this year.

In its Financial Institution Letter FIL-29-2019, the FDIC announced it has issued a Request for Information seeking feedback on the FDIC's methods and efforts to provide technical assistance. The request asks for information on additional steps the agency could take to support effective management and operation of FDIC-supervised institutions through technical assistance and collaboration on safety and soundness and consumer compliance matters. Comments on the Request for Information will be accepted for 60 days after publication in the Federal Register.