WASHINGTON (Reuters) - U.S. bank regulators on Wednesday outlined cyber security standards meant to protect financial markets and consumers from online attacks against the nation’s leading financial firms.
Leading banks will be expected to use the most sophisticated anti-hacking tools on the market and to be able to recover from any attack within two hours, said officials briefing reporters on the plan.
The rules, which will be finalized after industry input, is meant to raise cyber security to a top priority for corporate executives and boards, according to the banking agencies.
Banks with assets of $50 billion or more must satisfy the new rules that will be finalized in the months ahead, according to a statement by the Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp.
That scope means roughly 40 banks and a variety of non-bank financial companies would have to comply with the final rules.
“Covered entities would be required to be capable of operating critical business functions in the face of cyber-attacks,” the regulators said in a statement.
Cyber security issues have been a priority for Wall Street and regulators as financial leaders like the New York Federal Reserve have been caught in high-profile hack attacks.
On Wednesday, officials said the new standards have been contemplated for some time and that regulators are concerned about the vulnerability of the nation’s financial systems.
One official briefing reporters about the proposal said it was meant to mitigate the risk of any future cyber events.
Reporting by Patrick Rucker; Editing by Susan Heavey, Franklin Paul and Meredith Mazzilli
Our Standards: The Thomson Reuters Trust Principles.