Category: Hot Topics

  • The State of the (Credit) Union According to the NCUA Chairman

    The State of the (Credit) Union According to the NCUA Chairman

    Last month, NCUA chairman Todd M. Harper delivered his “State of the (Credit) Union” during the 2023 Governmental Affairs Conference. Harper covered multiple areas of interest to credit unions including: But in this post, we’ll focus on 3 topics directly related to information security: cybersecurity risk, the need for centralized vendor authority, and Fintechs. The […]

  • UPDATE – New Proposed Cyber Incident Notification Rules Finalized

    UPDATE – New Proposed Cyber Incident Notification Rules Finalized

    Last updated March 30, 2022. Currently, financial institutions are required to report a cyber event to their primary federal regulator under very specific circumstances. This requirement dates back to GLBA, Appendix B to Part 364 and states that FI incident response plans (IRP’s) should contain procedures for: “Notifying its primary Federal regulator as soon as […]

  • New Proposed Cyber Incident Notification Rules

    New Proposed Cyber Incident Notification Rules

    Update: Since publishing this post, these rules have been finalized. We have a new post covering those details here. We first wrote about incident notification over ten years ago, and based on feedback from our cyber testing experience, financial institutions are still struggling with the issue of whether or not to notify their customers and […]

  • Hot Topic: Ransomware on the Radar (Updated)

    Hot Topic: Ransomware on the Radar (Updated)

    Both the State banking regulators and the Treasury Department have issued recent advisories to financial institutions regarding the ransomware threat. Ransomware is defined as a form of malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs, in order to extort ransom payments from victims in […]

  • FFIEC Issues Statement on Pandemic Planning

    FFIEC Issues Statement on Pandemic Planning

    Background Similar to the Joint Statement on Destructive Malware issued in January in response to heightened geopolitical cyber risks from foreign actors, the FFIEC just released an Interagency Statement on Pandemic Planning in response to the current COVID-19 epidemic. Similar to the Destructive Malware statement, this statement does not impose any additional regulatory expectations on […]

  • FFIEC Rewrites Business Continuity Guidance

    FFIEC Rewrites Business Continuity Guidance

    The all new IT Examination Handbook is more than an update, it’s a complete re-write, and represents a significant change in how the business continuity process is managed. It also has several new expectations regulators will be looking for from financial institutions1. In fact, that is one of the most interesting changes; the term “institution” […]