FFIEC sets the standard for cybersecurity compliance of federally supervised financial institutions
The digital modernization of banking and finance brought accessibility and convenience, but it also increased the risk of cyber attacks on financial data and systems, as well as on the third-party providers servicing these industries.
The Federal Financial Institutions Examination Council (FFIEC) is an interagency body composed of five regulatory agencies: the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB), along with the State Liaison Committee (SLC).
As risks to financial data increased with the digital modernization of the banking and finance industry, FFIEC members began taking steps to raise awareness in the industry of the inevitability of cybersecurity attacks and the necessity of adequately preparing for and stopping them. One result was the FFIEC’s creation of a Cybersecurity and Critical Infrastructure Working Group in 2013.
The Council began assessing and enhancing the state of the financial industry’s preparedness and identifying and addressing gaps in regulators’ examination procedures and training to strengthen their oversight of the industry’s cybersecurity readiness. It also developed a Cybersecurity Assessment Tool to help institutions identify their risks and vulnerabilities and assess and determine their cybersecurity preparedness. For examiners, the FFIEC developed the IT Examination Handbook, a set of guidelines they can use to determine if financial institutions are meeting the highest standards of cybersecurity controls and preparedness.
Get Started with Cerberus Sentinel
Cerberus Sentinel can help you navigate this complex regulatory system. Our security compliance experts can help banking and financial institutions identify and assess their risks so they can mitigate their weaknesses and vulnerabilities. We offer risk assessment, penetration testing, gap analysis, and security awareness training as well as security monitoring and management.