Category: Hot Topics

  • Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Background  In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM).  According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.”  In June of…

  • The State of the (Credit) Union According to the NCUA Chairman

    Last month, NCUA chairman Todd M. Harper delivered his “State of the (Credit) Union” during the 2023 Governmental Affairs Conference. Harper covered multiple areas of interest to credit unions including: But in this post, we’ll focus on 3 topics directly related to information security: cybersecurity risk, the need for centralized vendor authority, and Fintechs. The…

  • UPDATE – New Proposed Cyber Incident Notification Rules Finalized

    Last updated March 30, 2022. Currently, financial institutions are required to report a cyber event to their primary federal regulator under very specific circumstances. This requirement dates back to GLBA, Appendix B to Part 364, and states that FI incident response plans (IRPs) should contain procedures for: “Notifying its primary Federal regulator as soon as…

  • New Proposed Cyber Incident Notification Rules

    Update: Since publishing this post, these rules have been finalized. We have a new post covering those details here. We first wrote about incident notification over ten years ago, and based on feedback from our cyber testing experience, financial institutions are still struggling with the issue of whether or not to notify their customers and…

  • Hot Topic: Ransomware on the Radar (Updated)

    Both the State banking regulators and the Treasury Department have issued recent advisories to financial institutions regarding the ransomware threat. Ransomware is defined as a form of malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs, in order to extort ransom payments from victims in…

  • FFIEC Issues Statement on Pandemic Planning

    Background Similar to the Joint Statement on Destructive Malware issued in January in response to heightened geopolitical cyber risks from foreign actors, the FFIEC just released an Interagency Statement on Pandemic Planning in response to the current COVID-19 epidemic. Similar to the Destructive Malware statement, this statement does not impose any additional regulatory expectations on…