
Finance examiners told to bump up compliance content

Members of the US Federal Financial Institutions Examinations Council (FFIEC) are being urged to include cybersecurity in exams sat at more than 500 community institutions, including credit unions, it has been revealed.


A new programme run by PolicyWorks, which is affiliated with the Iowa Credit Union League, is calling for the Office of the Comptroller of the Currency, the Federal Reserve Board, the FDIC, the CFPB and the NCUE to prioritise compliance and security issues in their assessments.

“Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience. Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance and examiner training,” the FFIEC said in an announcement.

FFIEC examiners now ask about topics including crisis management plans and business impact analyses, job descriptions, IT audit reports and exception tracking, cybersecurity training, physical access controls such as key cards, biometrics and video cameras, network access controls such as patch management and vulnerability assessments, and access by and management of third-party vendors.

“FFIEC members will continue to assess the risks of cyberattacks to financial institutions and use the information gathered through a number of sources to determine the appropriate next steps and identify potential gaps in financial supervision,” said the council.

Lindsey Richardson, Compliance Officer at PolicyWorks, welcomed the move. “This is one instance where I hope examiners will find something so we can all come together as an industry to create a more secure environment,” she said. “A few years ago, you would see controls such as dual-factor authentication as a sufficient security program. Nowadays it’s trending toward multifactor authentication, biometrics and more.”

“With all the data breaches and the new products and services that are coming out every day, this is definitely an area where more controls are needed,” she added.

 
