FFIEC announced a vulnerability and risk-mitigation assessment as well as a regulatory self-assessment of supervisory policies and processes. “These assessments will be conducted later this year and will help the FFIEC member agencies make informed decisions about the state of cybersecurity across community institutions and address gaps and prioritize necessary actions to strengthen supervisory programs. FFIEC members want to provide additional support to community banks, which may not have access to the resources available to larger institutions.” 

FFIEC highlighted key focus areas for senior management and boards of directors of community institutions as they assess their institutions’ abilities to identify and mitigate cybersecurity risks, including:

  • setting the tone from the top and building a security culture;
  • identifying, measuring, mitigating and monitoring risks;
  • developing risk management processes commensurate with the risks and complexity of the institutions;
  • aligning cybersecurity strategy with business strategy and accounting for how risks will be managed both now and in the future;
  • creating a governance process to ensure ongoing awareness and accountability; and
  • ensuring timely reports to senior management that include meaningful information addressing the institution’s vulnerability to cyber risks.

The basic materials utilized in the presentation from the webinar are available on the FFIEC website

In related news, Gov. Andrew Cuomo announced on May 6 that he has asked the New York Department of Financial Services to conduct cybersecurity assessments of financial institutions to ensure that they are appropriately protecting sensitive customer data. State-chartered banks, credit unions and foreign banks whose US headquarters are in New York will all be subject to the examinations. 

Read more.