Banking Exchange Magazine Logo

FFIEC's 7 cyber security priorities

Self-assessment tool will help banks weigh cyber risk

  • |
  • Written by  Website Staff
  • |
  • Comments:   DISQUS_COMMENTS
FFIEC's 7 cyber security priorities

The Federal Financial Institutions Examination Council listed seven main cyber security priorities for the remainder of 2015.

They come from last year’s pilot assessment of cyber security readiness at more than 500 financial institutions.

The planned work includes the development and issuance of a self-assessment tool that financial institutions can use to evaluate their readiness to identify, mitigate and respond to cyber threats. FFIEC also will enhance its incident analysis, crisis management, training, and policy development, and expand its focus on technology service providers’ cyber security preparedness.

Additionally, FFIEC will continue to improve its collaboration with other agencies and communicate on the importance of cyber security awareness and best practices among financial industry participants and regulators.

Exam Council’s 7 priorities

Work is underway in the following:

1. Cyber Security Self-Assessment Tool—FFIEC plans to issue a self-assessment tool this year to assist institutions in evaluating their inherent cyber security risk and their risk management capabilities.

2. Incident Analysis—FFIEC members will enhance their processes for gathering, analyzing, and sharing information with each other during cyber incidents.

3. Crisis Management—FFIEC will align, update, and test emergency protocols to respond to systemwide cyber incidents in coordination with public-private partnerships.

4. Training—FFIEC will develop training programs for the staff of its members on evolving cyber threats and vulnerabilities.

5. Policy Development—FFIEC will update and supplement its Information Technology Examination Handbook to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cyber security controls, external dependency management, and incident management and resilience.

6. Technology Service Provider Strategy—FFIEC’s member agencies will expand their focus on technology service providers’ ability to respond to growing cyber threats and vulnerabilities.

7. Collaboration with Law Enforcement and Intelligence Agencies—The Council will build upon existing relationships with law enforcement and intelligence agencies to share information on the growing cyber security threats and response techniques.

FFIEC has published several resources to help financial institutions improve their cyber security, including additional information regarding the cyber security assessment conducted in 2014.

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo