FDIC’s Corporate Governance Guidance Reinforces Board of Directors’ Role in Cybersecurity Preparedness

Balch & Bingham LLP
Contact

The Federal Deposit Insurance Corporation has long considered a community bank’s board of directors as one of the most important elements in the successful operation of a bank. Nearly thirty years ago, the FDIC issued its Pocket Guide for Directors. While the term “corporate governance” was not in vogue when the Pocket Guide was first published, the guide today is considered a corporate governance primer for directors.

In its April 2016 Supervisory Insights, the FDIC “reflects” on the Pocket Guide. Not surprisingly, the agency does not alter the core corporate governance principles of the Pocket Guide. As important today as they were in the first Pocket Guide published in 1988 are the concepts of independence for directors, their obligation to select and retain competent management; their duty of loyalty; and their duty of due care.

One word that appears in the FDIC’s current reflections on the Pocket Guide that did not appear in its original version thirty years ago is the word “cyber.” In its April 2016 reflective guidance, the FDIC urges bank directors and senior management to engage in sound strategic planning in order to deal with “emerging or unforeseen risks, such as cyber threats…” Similarly, the FDIC reminds community bank directors that they should ensure that senior management has established appropriate risk management policies and procedures for “cyber risk.” The agency reminds directors that it will expect a higher level of board oversight when there are operational problems with “cybersecurity.”

In our August 2015 client advice, “Assessing Your Cybersecurity Preparedness: It May Be Time to Update Your Bank’s Information Security Plan and Response Program,” we noted that there was increasing regulatory scrutiny of risks related to cybersecurity. We continue to urge community banks to be proactive in managing this risk. Specifically, we encourage banks to undertake a self-assessment of their current cybersecurity preparedness.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Balch & Bingham LLP | Attorney Advertising

Written by:

Balch & Bingham LLP
Contact
more
less

Balch & Bingham LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.