As reported in the media, Office of the Comptroller of the Currency (OCC) has been hacked leaving the country’s banking industry in very concerning situation. The motive of hacking of secured email system used by all commercial banks for sending sensitive information to OCC and the extent of damage, if any, have not been ascertained yet. 

The OCC is responsible for regulating and supervising national banks, federal thrift institutions, foreign banks’ branches and agencies operating in the USA. The main objective of the OCC is to ensure safety and soundness of these financial institutions and thus keep US financial system out of default risk.

As per OCC statement, cyberattack has targeted their secured email system which was identified when they noticed unusual interactions between an administrative account and the OCC user mailboxes. Hacking in the OCC has occurred in February but kept confidential while initiated investigation with a view to ascertaining the motive behind hacking and estimating the extent of damage. Many banks did not know this incident until the report published in the media.

Although OCC did not initially inform their main stakeholders, particularly banks soon after the incident, they are now keeping all banks informed of the investigation progress. They have been reportedly conducting a third-party assessment of the incident including the review of the compromised messages. Banks’ main fear is that they are still unaware about what sensitive information might have been compromised.    

Because of hacking in the OCC, many banks have got frightened to use official email communication system and consequently, some banks including, JPMorgan Chase banks, Bank of America and Bank of New York Melon, have already resorted to substitute communication means in sending sensitive information to the OCC. The banks have expressed serious concern over this hacking incident and the OCC’s delayed response. This hacking incident has compelled some banks to pause certain form of electronic information sharing.

It is obvious that as soon as the incident happened, the authority concerned wanted to ensure that repairing as well as recovery if possible is done prior to getting other stakeholders involved. Even making the incident public is delayed till the investigation is done. 

This practice is followed all over the world irrespective of developed and developing countries. Bangladesh Bank is always blamed for keeping the incident of stealing money from Federal Reserve through hacking, confidential at the beginning. So, those who blame Bangladesh Bank for keeping this incidence confidential may carefully review the way OCC is handling their recent hacking incident, and thus can get some clear idea.

Hacking incident in the OCC has occurred in such a time when the Trump administration is in contemplation of bringing major changes in the banking regulatory system, which may include consolidation of some regulators and establishing well coordination among all regulatory bodies. 

While talking with media, US Treasury Secretary, Scott Bessent, said that he intends to play leadership role in the banking regulation. He further added, “We need our financial regulators singing in unison from the same song sheet.” It is not clear whether this hacking incident will delay the consolidation and coordination process in the US banking regulatory system.  
Question may arise what is the purpose of talking in Bangladesh about hacking in the USA.

There is some relevancy and importance of knowing whatever happened in the banking system of not only in the USA but also anywhere in the world. Banking is known as global financial business network. Transaction taken place anywhere in the world has direct or indirect implication with international banking system. Transaction taken place in the US banking may have impact with banking in Bangladesh or vice versa. The country which does not participate in any cross-border trade may remain out of internationally connected banking system.

However, countries participating in the cross-border trade must directly or indirectly connect with international banking network and as such, whatever happened in the banking of anywhere in the world, will have contagious impact. How hacking in OCC may adversely impact banking in Bangladesh can be clarified with hypothetical example. Say, one commercial bank in Bangladesh maintains Nostro Account with JPMorgan Chase bank for keeping US dollar balances. Mentionable that Nostro account is the method of maintaining account relationship with foreign bank for retaining foreign currency and settling international payment. 

JPMorgan Chase bank uses secured electronic channel to send sensitive information to the OCC which includes the information of Bangladeshi bank’s Nostro Account. If hacker collects information of Bangladeshi Bank’s Nostro account through recent hacking, then Bangladeshi Bank may remain exposed to risk. Usually, the hackers collect, research, follow and wait for suitable time. So, hacking happened now but subsequent attack may occur after a year or longer time.

All commercial banks in Bangladesh, which maintain Nostro account with US banks, should communicate with them and get confirmation whether data breach has occurred through recent hacking incident in the OCC. Bangladeshi banks must obtain confirmation that their data are safe. Such confirmation will come to great help in future if any wrongdoing with this hacked information happens to occur. Bangladesh Bank should properly guide all commercial banks in this regard.
__________________________________
The writer is a certified anti-money laundering specialist and banker based in Toronto, Canada. Email: [email protected]