The head of the Federal Deposit Insurance Corp. (FDIC) has warned banks that they could face enforcement penalties if they allow cybersecurity breaches to impact their data safety.
In a CNN interview, FDIC Chairwoman Jelena McWilliams stated that cybersecurity was “something we take very seriously.” McWilliams was asked about the data breach impacting Capital One–which is not regulated by the FDIC–and she said her agency could enact financial penalties on banks that fail to maintain robust data security if they were called out by the FDIC on the state of their cyber defenses.
The Consumer Financial Protection Bureau (CFPB) and a coalition of attorneys general recently reached a $700 million settlement with Equifax regarding a 2017 data breach.
"We could certainly have an enforcement action," she said, adding the FDCI was "monitoring" the cyber defenses and "continuously" testing banks' networks and firewalls. The agency then flags deficiencies, orders banks to fix them and monitors whether progress has been made.
However, McWilliams admitted the FDIC has "limited ability" to examine third-party service providers that might be responsible for a breach, which occurred with Capital One. She added that financial institutions are carrying significant extra expenses to ensure their data is safe.
"Protecting the banks and protecting consumer data is prohibitively expensive," McWilliams said.