A recent audit by the Federal Deposit Insurance Corporation (FDIC) Office of Inspector General has raised concerns about the growing cybersecurity risks facing banks and the dwindling number of IT experts responsible for safeguarding the financial sector. The report highlights the increasing threats from cyberattacks, vulnerabilities in third-party relationships, and an alarming shortage of examiners with specialized IT expertise.
Rising Number of At-Risk Banks
According to the 191-page report, released on March 20, the number of “problem institutions” flagged for safety and soundness concerns increased significantly in the last fiscal year. As of September, 66 banks, holding a combined $87.3 billion in assets, were on this list—up from 44 institutions with $54.5 billion in assets the previous year.
Banks are placed on this list due to various operational risks, including deficiencies in information technology (IT) systems, anti-money laundering (AML) compliance, and other technological vulnerabilities. FDIC examiners issued 104 supervisory recommendations related to risk management and 90 tied to IT concerns, underscoring the urgency of addressing these challenges.
The Impact of Cybersecurity Threats
The report emphasized that IT examinations are critical for identifying cybersecurity vulnerabilities and assessing whether banks have adequate controls to mitigate risks. Examiners evaluate how well financial institutions detect cyber threats and manage IT-related risks that could impact their overall safety ratings.
However, the FDIC itself is facing a staffing crisis that could hinder its ability to carry out these crucial examinations.
Looming IT Expertise Shortage
The audit warns that the FDIC is struggling to maintain a sufficient number of skilled IT examiners to assess emerging risks. More than half (53%) of its advanced IT subject matter experts are eligible for retirement in 2024, with that number expected to rise to 63% by 2028. Similarly, intermediate-level IT experts have a retirement eligibility rate of 16% as of last year, increasing to 27% by 2028.
This impending shortage raises concerns about the FDIC’s ability to accurately assess IT risks, which directly impact banks’ safety and soundness ratings and influence regulatory strategies.
Third-Party Risks and Financial Crime Compliance
The report also highlights the growing risks posed by banks’ reliance on third-party service providers, particularly in compliance with the Bank Secrecy Act (BSA), AML regulations, and sanctions enforcement. A single operational failure at a third-party service provider could have widespread effects across multiple banks.
As financial institutions continue to forge partnerships with fintech firms—roughly two-thirds of banks have such collaborations—examiners may require new skill sets to evaluate compliance and risk management in these digital ecosystems.
Increasing Fraud and Cyber Threats
Separate industry data suggests that approximately 40% of banks have reported rising financial losses due to fraudulent transactions. Additionally, a report by the Office of the Comptroller of the Currency (OCC) last summer found that 11 of the 22 largest U.S. banks had “insufficient” or “weak” operational risk management, including inadequate defenses against cyberattacks.
Even federal agencies responsible for financial system oversight have been affected by security threats, with the audit noting a 9.9% increase in reported information security incidents in fiscal year 2023.
Unclear Regulatory Stance on Crypto-Assets
The audit also criticized the FDIC’s handling of risks associated with crypto-assets, stating that while the agency has identified potential dangers in banks’ involvement in cryptocurrency activities, it has not conducted comprehensive risk assessments. Furthermore, its approach to providing supervisory feedback on crypto-related activities remains unclear.
The Need for Strengthened Oversight
The report underscores the urgency for the FDIC to address staffing shortages, enhance cybersecurity risk assessments, and refine its supervisory strategies for emerging financial technologies. Given the increasing complexity of banking operations, ensuring that regulators have the expertise to monitor and mitigate risks will be essential for maintaining financial stability.