- Third-Party Risk Management Final Guidance – An In-depth Analysis
Background In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM). According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.” In June of…
- Is It Time to Take the CAT to the Vet?
How a New Framework Can Improve Cybersecurity Assessments in Financial Institutions. In the age of digital banking, maintaining robust cybersecurity risk assessments and control reviews is paramount to protecting sensitive data from potential threats, and passing rigorous IT audits and examinations. Historically, a key tool in the arsenal has been the Cybersecurity Assessment Tool (CAT)…
- The State of the (Credit) Union According to the NCUA Chairman
Last month, NCUA chairman Todd M. Harper delivered his “State of the (Credit) Union” during the 2023 Governmental Affairs Conference. Harper covered multiple areas of interest to credit unions including: But in this post, we’ll focus on 3 topics directly related to information security: cybersecurity risk, the need for centralized vendor authority, and Fintechs. The…
- UPDATE – New Proposed Cyber Incident Notification Rules Finalized
Last updated March 30, 2022. Currently, financial institutions are required to report a cyber event to their primary federal regulator only under very specific circumstances. This requirement dates back to GLBA, Appendix B to Part 364, and states that FI incident response plans (IRPs) should contain procedures for: “Notifying its primary Federal regulator as soon as…
- Hot Topic: Ransomware on the Radar (Updated)
Both the State banking regulators and the Treasury Department have issued recent advisories to financial institutions regarding the ransomware threat. Ransomware is defined as a form of malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs, in order to extort ransom payments from victims in…
- FFIEC Issues Statement on Pandemic Planning
Background Similar to the Joint Statement on Destructive Malware issued in January in response to heightened geopolitical cyber risks from foreign actors, the FFIEC just released an Interagency Statement on Pandemic Planning in response to the current COVID-19 epidemic. Similar to the Destructive Malware statement, this statement does not impose any additional regulatory expectations on…