CIOs Help Banks Prepare For The End Of The World

CIOs have to be able to anticipate the worst
CIOs have to be able to anticipate the worst
Image Credit: josef.stuefer

CIOs at banks have a great deal to worry about. Simply because their companies have so much valuable data and money, the bad guys are always trying to break in and steal things. As though this wasn’t bad enough, every bank is connected to every other bank. What this means is that if something bad happened to a connected bank, then your bank could also suffer. In order to prevent doomsday scenarios like this from happening, the people in the bank CIO position have come up with a plan.

Preparing For The End Of The World In Banking

What the person with the bank CIO job needs to realize is that at any point in time, any bank could suffer a major cyberattack. Yes, because of the importance of information technology they’ve invested a great deal in both equipment and processes in order to attempt to prevent this type of event from happening, but if there is one thing that we all know in IT – things change. U.S. banks realize that any of them could at any time suffer a potentially debilitating cyberattack. This is why bank CIOs have been quietly, behind the scenes, been launching what is called a “doomsday project” that they are hoping will prevent a run on the U.S. financial system if something like this happened.

The program has a name: “Sheltered Harbor”. The participants in the program include the U.S. banks and credit unions that, combined, have approximately 400 million accounts. The program at its heart is actually fairly simple. Each one of the participating financial firms is required to individually back up their data so that in the case that their operations were somehow disrupted, other banks could service their customers. Generally speaking, people who place their money in a bank spend their time worrying about hackers breaking into the bank and making off with their money. Banks, on the other hand, spend their time worrying about someone breaking in and either destroying their data or somehow locking the data so that nobody can use it.

This is where the doomsday scenario comes in. If a hacker was able to alter, modify, or make a bank’s data unavailable, then that bank would be out of business. They may be unable to perform banking functions for hours, days, or even longer. This is when things start to get bad. If the people who store their money at this affected bank can’t get to their money, then customers at other banks may start to panic thinking that the same thing could happen to them too. They may visit their bank and withdraw their money as a precaution. This could then cause a ripple effect that could cause a run on the entire banking system.

Steps For A CIO To Take

What Bank CIOs need to understand is that while most bank customers view cybercrime as being a situation in which a credit card gets stolen, a bank views a cybercrime as being more of a nuclear attack that results in its ATM machines not working. As an example, when the financial institution Equifax was hacked and the personal information of 145.5 million customers was stolen, data was not destroyed but rather this event served as a reminder of just how frail the U.S. financial system is.

In the past the banks had counted on the U.S. government being able to step in and short circuit any panic that the failure of a bank might cause. In the past there were two different government agencies that could step in and lend banks a helping hand in times of trouble. These two agencies are the Federal Reserve and the Federal Deposit Insurance Corp. (FDIC). Both of these agencies have created mechanisms that are designed in the case of a bank failure to restore confidence in the U.S. banking and financial system. The Federal Reserve offers what is called a “discount window” that allows banks to borrow money when things are going bad. The FDIC insures customer deposits which means that customers won’t lose their money in the case of a bank failure.

The problem with the safeguards that are currently in place is that they were designed to deal with bank failures that were caused by doubts about a company’s liquidity or solvency. They are not set up to deal with customer fears that ATM machines may stop working. Banks that take part in the Sheltered Harbor program have to follow guidelines on formatting financial data, creating what is being called a backup vault, and agreeing to participate in audits. The program wants to make it so that backed up data can start to be used within 48 hours of an event occurring. The key to the success of this program is to make sure that as many banks as possible will participate and to make sure that the backups that are being created have not already been compromised.

What All Of This Means For You

There is no question that being a CIO for a bank is a challenging job. The risk of cyberattacks has never been greater. In order to deal with the challenges that they are facing, bank CIOs have created a program called “Sheltered Harbor”. Under this program banks back up their data in a standardized format and store the backup data in a vault. In the event that one of the banks who was participating in the program got hacked and was knocked out of service, other banks could use the backed up data to support the unavailable bank’s customers.

The doomsday scenario that banks are trying to avoid is one in which one bank gets hacked and its funds become unavailable. Once this happens, customers at other banks panic and attempt to withdraw their money in order to keep it safe. There could be a run on the entire U.S. financial system if this was allowed to get out of hand. In the past two U.S. agencies, The Federal Reserve and the FDIC were supposed to be able to step in and provide market stability if a bank failed. However, a cyberattack can cause a failure that nobody is prepared for. The Sheltered Harbor program allows banks to back their data up in a common format to secure vaults and open themselves to regular audits. Participating in this program may be the safety blanket that CIOs have been looking for.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: What would be the best way to test the effectiveness of the Safety Harbor program?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.


P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

As the person with the CIO job, one of your main tasks is to assign work to the various people who work for you. As the number of people grows and the amount of work that has to be done seems to get even larger, this task that once upon a time appeared to be simple, can quickly get out of hand. Over at those fancy new startup companies that like to refer to themselves as being part of the “gig economy”, they believe in the importance of information technology and have started to use both apps and algorithms to assign tasks to the self employed workers that they use. Is this something that you should be doing?