Search
RSS
Subscribe

Enter your email address to receive new posts in your inbox:

Delivered by FeedBurner

Share

Like what you see? Share!

Our Attorneys
Twitter
Twitter

Entries in Federal Financial Institutions Examination Council (4)

Friday
Oct212016

Federal Bank Regulators Seek Comments on "Enhanced" Cybersecurity Rules

Just one day after the Federal Financial Institutions Examination Council issued FAQs to help financial institutions utilize FFIEC’s Cybersecurity Assessment Tool, three federal banking regulators issued an Advance Notice of Proposed Rulemaking regarding “Enhanced Cyber Risk Management Standards.”

The rulemaking notice was issued on October 19, 201 by the Federal Reserve Board, the FDIC, and the OCC.  A copy of the notice can be found here

As proposed, the enhanced cybersecurity rules would not apply to community banks, but would apply to any of the following institutions as well as third parties who provide services to these institutions:  (1) depository institution and depository institution holding companies with assets of $50 billion or more; (2) US operations of foreign banking organizations with US assets of $50 billion or more; and (3) financial market infrastructure companies and nonbank financial companies supervised by the Federal Reserve Board.  These institutions were identified to the extent they provide “key functionality to the financial sector.”

The enhanced rules are being considered based on the reality that technology dependence is growing and the US financial sector is becoming more interdependent. As such, a cybersecurity induced failure of one major institution could impact the safety and soundness of other institutions.

The enhanced rules would fall within five different categories: (1) cyber risk governance; (2) cyber risk management; (3) internal dependency management; (4) external dependency management; and (5) incident response, cyber resilience, and situational awareness.  The proposed rulemaking includes 36 questions across the foregoing categories for which comments are being sought.

Comments are due January 17, 2017.

Friday
Oct212016

Know Your Risks: FFIEC issues FAQs on its Cybersecurity Assessment Tool

On October 18, 2016, the Federal Financial Institutions Examination Council published a set of Frequently Asked Questions to help financial institutions utilize the Council’s Cybersecurity Assessment Tool.  The FAQs were announced as part of FIL-68-2016.

The Cybersecurity Assessment Tool is a voluntary process designed to help the management of financial institutions measure their cybersecurity risks and their ability to respond to a threat.  The Tool was issued in June of 2015.

The FAQs address questions such as:

  • Why did the FFIEC release the Assessment?  A. To help institutions develop a “measurable” and “repeatable” mechanism to address the growing cybersecurity threats;
  • How does the Assessment align with the NIST Cybersecurity Framework?  A. The Assessment was developed using this framework along with the FFIEC IT Examination Handbook and “industry accepted cybersecurity practices.”
  • Will the FFIEC release an automated version of the Assessment.  A. Not at this time.
  • Can the Assessment be used as part of my institutions’ oversight of third parties?  A. Yes.
  • Does the FFIEC plan to update the assessment?  A.  Yes, as threats and risks evolve.

The FAQ’s are available here, and the Assessment Tool is available here.

Friday
Oct102014

Cyber-security: FDIC Issues Warning on “Shellshock” and “Bash”

On September 29, 2014, the FDIC, on behalf of the Federal Financial Institutions Examination Council, issued an alert to banks on recently discovered material vulnerabilities in the security of the GNU Bourne-again shell system software -- nicknamed “Bash” -- commonly used by bank servers and computers. Researchers reported the newly discovered vulnerability -- nicknamed “Shellshock” -- in Bash versions 1.14 through 4.3 on September 24, 2014.

Click to read more ...

Monday
Jun302014

Feds Release List of Rural, Middle-Income Geographies Qualifying for Community Development Credit

Today, federal banking regulators released the list of “distressed or underserved nonmetropolitan middle-income geographies” for 2014.  The list can be found here.  Bank activities in these geographies will receive consideration as “community development” under the Community Reinvestment Act.  

According to today’s release, the list of communities is based on criteria developed by the Federal Financial Institutions Examination Council (FFIEC), which can be found here.   Factors include unemployment, poverty, and population changes.  The designation includes a one-year “lag” for geographies that no longer meet the criteria.

In Maine, distressed communities (listed by census tract rather than by municipality) were designated in portions of Aroostook County, Washington County, Knox County, Piscataquis County, and Lincoln County.

A full copy of today’s release can be found at PR-51-2014.