About the ECTF
The Task Force was initially formed in April 2010 by Texas Banking Commissioner, Charles G. Cooper in cooperation with the United States Secret Service to address the growing risk of Corporate Account Takeovers (CATO). Task Force membership is comprised of various executives from financial institutions, representatives from the Texas Banks Association, Independent Bankers Association, SWACHA and federal law enforcement agencies. The Department of Banking’s Director of IT Security Examinations serves in an ongoing liaison position. The Task Force (Task Force) is periodically convened as needed to address emerging issues related to electronic threats against the banking industry.
CATO – Corporate Account Takeovers
The Task Force’s initial objective was to address CATO issues. Senior bank officers with technology oversight responsibilities from a diverse group of banks in terms of size, complexity and market presence met to develop common sense and workable guidelines to combat corporate account takeovers. Many of the Task Force member banks had customers whose computer systems had been compromised from a CATO intrusion. Drawing on the experience of the United States Secret Service (North Texas District Office) and IT Security and Audit firms operating in Texas, a list of valuable recommendations were approved.
The end product for the banking industry was a set of controls and processes in the form of a list of Best Practices that could assist banks in the identification of risks and the development of meaningful risk management measures. A similar version of the Best Practices was subsequently released nationally by the Conference of State Bank Supervisors (CSBS), the United States Secret Service, and FS-ISAC.
ELOC – Executive Leadership of Cybersecurity
In September 2013, the Task Force was reconvened by Commissioner Cooper to elevate the priority and broaden the scope of the banking industry’s engagement in addressing cyber threats. The basic question to address was – “what steps are needed for cybersecurity to become a standard element of bank risk management”.
For this particular issue, Task Force representatives were composed of approximately a dozen community bank Chief Executive Officers and other senior bank officials who had a demonstrated track record of treating cybersecurity as a standard element of their bank’s risk management program. Executives from the Texas Bankers Association, Independent Bankers Association of Texas, and SWACHA also participated.
The ELOC working group developed a series of measures that all CEOs and Board Members could utilize to better manage cybersecurity. The group unanimously agreed however, that the key to successful execution of the measures hinged on a strong endorsement by Executive Leadership. Directors, the Chief Executive Officer, and all other senior officers must set the “tone from the top” in making cybersecurity a standard element of bank risk management. No longer could cybersecurity be treated as a compliance exercise. It must be elevated to being an integral component of enterprise wide risk management.
The recommendations of the Task Force were released at an ELOC seminar held in Austin in December 2014 with U.S. Deputy Treasury Secretary Sarah Bloom Raskin being the keynote speaker. A table top exercise jointly developed by the Texas Department of Banking, the Federal Deposit Insurance Corporation, the Office of Comptroller of the Currency, and the Federal Reserve Bank of Dallas was also presented at the event. Throughout 2015, the ELOC program has been hosted by over a dozen state banking departments and trade associations around the country.