FFIEC Increasingly Focuses on Cybersecurity Awareness


The Federal Financial Institutions Examination Council (FFIEC), under the leadership of its Chairman Thomas J. Curry, is increasingly focused on cybersecurity risks to financial institutions. At the end of June 2014, the FFIEC created a cybersecurity awareness Web page that assembles the key information about cybersecurity risks to financial institutions. Please note that of the six FFIEC members, the Consumer Financial Protection Bureau is now included as a voting member of the FFIEC, along with the other federal prudential regulators. FFIEC has important interagency powers with respect to prescribing uniform principles, standards, and report forms for the federal examination of financial institutions. Additionally, FFIEC conducts schools for examiners employed by the five federal agencies represented on FFIEC and makes those schools available to state agencies that supervise financial institutions. FFIEC also has additional responsibilities to facilitate public access to data that depository institutions must disclose under the Home Mortgage Disclosure Act of 1975 (HMDA) and the aggregation of annual HMDA data.

In addition to Chairman Thomas J. Curry, Comptroller of the Currency, Office of the Comptroller of the Currency, the other members of FFIEC are:

  • Daniel K. Tarullo, Governor of the Federal Reserve System
  • Martin J. Gruenberg, Chairman of the Federal Deposit Insurance Corporation
  • Richard Cordray, Director of the Consumer Financial Protection Bureau
  • Debbie Matz, Chairman of the National Credit Union Administration, and
  • David J. Cotney, Chairman of the State Liaison Committee (SLC).

The SLC is tasked with encouraging uniform examination principles and standards by the state and federal supervisory authorities. The committee is composed of five representatives of state supervisory agencies. The SLC’s Chairman Cotney, who is the Commissioner of Banks of the Commonwealth of Massachusetts Division of Banks, was reappointed to the SLC and renamed as Chairman of the SLC in May 2014, after having served on the SLC since October 2010. In addition to Cotney, the other members of the SLC currently include:

  • Thomas Candon, Deputy Commissioner of Banking and Securities of the Vermont Department of Financial Regulation
  • Karen K. Lawson, Director of the Office of Banking for the Michigan Department of Insurance and Financial Services
  • Lauren Kingry, Superintendent of the Arizona Department of Financial Institutions, and
  • Michael Mach, Division of Banking Administrator for the Wisconsin Department of Financial Institutions.

Pepper Points: A consistent theme and ongoing point of emphasis of the FFIEC under Chairman Curry is to prepare for risks associated with cybersecurity matters. FFIEC is looking to raise awareness about the pervasiveness of cyberthreats and to identify sound executive leadership (board and senior management) approaches to manage such risks. In our view, FFIEC will continue to focus on identifying, measuring, mitigating, and monitoring risks in connection with cybersecurity issues as well as other emerging issues of supervisory concern. Financial institution senior management and board members need to develop a review of the institution’s responsiveness to potential cybersecurity threats, after consultation with outside IT and legal professionals.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pepper Hamilton LLP | Attorney Advertising

Written by:


Pepper Hamilton LLP on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.