Tag: FFIEC

  • Reading Between the Lines: The Interagency Examiner Guidance for Assessing Safety and Soundness During COVID-19

    On June 23, 2020, the FDIC posted “The Interagency Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Institutions” (FIL-64-2020). This statement is only one of several interagency statements issued since the start of the COVID-19 pandemic outlining supervisory principles examiners will use to guide their safety and…

  • Cybersecurity – Beyond the Assessment

    The FFIEC Cybersecurity Assessment Tool has been out since 2015, and by now almost all financial institutions have completed it at least once, some as many as 3-4 times. Although most of the examiner feedback we’ve gotten indicates that simply completing it is all regulators are looking for at this time, the FFIEC made it clear…

  • FFIEC Cybersecurity Assessment Tool Update

    The FFIEC recently released a long-awaited update to the Cybersecurity Assessment Tool, and we think overall it is a relatively minor but useful evolution. But before we get into the details of what the update does address, it’s important to note that it did not address the ambiguity issues that plague the current assessment. One…

  • Ask the Guru: How Can I Best Determine My Cyber Risk Profile?

    Hey Guru! We just completed the Cybersecurity Assessment, so now we have our current risk and control maturity levels identified.  Can we draw any conclusions about our average risk and control levels?  For example, most of our risks are in the Least and Minimal areas, but we do have a few Moderate as well.  Can we…

  • FFIEC Rewrites the Information Security IT Examination Handbook

    In the first update in over 10 years, the FFIEC just completely rewrote the definitive guidance on their expectations for managing information systems in financial institutions.  This was widely expected, as the IT world has changed considerably since 2006. There is much to unpack in this new handbook, starting with what appears to be a…

  • FFIEC Updates (and Greatly Expands) the Management Handbook

    This latest update to the IT Examination Handbook series comes 11 years after the original version.  And although IT has changed significantly in the past 11 years, the requirement that financial institutions properly manage the risks of IT has not changed.  This new Handbook contains many changes that will introduce new requirements and new expectations…