Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

New York Fed analyzes potential impact of cyber attacks on payments network

Privacy/Cyber Risk & Data Security Federal Reserve Bank of New York Payment Systems

Privacy, Cyber Risk & Data Security

In January, the Federal Reserve Bank of New York (New York Fed) released a staff report that analyzes how a cyber attack transmitted through a payment network could be amplified throughout the U.S. financial system. According to the report, Cyber Risk and the U.S. Financial System: a Pre-Mortem Analysis, cyber attacks that impair the most active U.S. banks’ ability to send payments “would likely be amplified to affect the liquidity of many other banks in the system,” including smaller or mid-sized banks that are connected through a shared service provider. The New York Fed notes, however, that the report’s primary focus is on a cyber attack’s impact within a single day, and cautions that should a cyber attack compromise the integrity of the banking system, “the reconciliation and repercussion process would be an unprecedented task.” Among other things, the report (i) establishes a framework for estimating “cyber vulnerability” and understanding the impairments of a cyber attack on a bank’s payment activities; (ii) creates a baseline scenario to study the five largest institutions within the wholesale payment network and the high concentration of payments between large institutions, as well as the resulting imbalance in liquidity that occurs if even a single large institution is unable to remit payments to its counterparties; and (iii) conducts a reverse stress test exercise, in which it analyzes “how many smaller institutions it would take to impair any of the most active ones,” in order to highlight “how the impairment of many smaller institutions also presents a systemic risk.”