July 9 - The Federal Financial Institutions Examination Council launched a Web page on cybersecurity (www.ffiec.gov/cybersecurity.htm).The Web page is a central repository for current and future FFIEC-related materials on cybersecurity.
While information security has been a core focus of supervision for decades, the FFIEC members are taking a number of steps to raise awareness of cybersecurity risks at financial institutions and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats that pose risks to all industries in our society. The FFIEC Web page provides links to joint statements, webinars, and other information that may help financial institutions when thinking about the issue of cybersecurity.
The launch of this Web page coincides with a pilot program at more than 500 community institutions, to be conducted by state and federal regulators, which will be completed during regularly scheduled examinations. Information from the pilot effort will assist regulators in assessing how community financial insitutions manage cybersecurity and their preparedness to mitigate increasing cyber risks. Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience. Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance, and examiner training.
FFIEC members will continue to assess the risks of cyber attacks to financial institutions and use the information gathered through a number of sources to determine the appropriate next steps and identify potential gaps in financial supervision.
Other recent FFIEC efforts on cybersecurity highlighted on the Web page include: