On Wednesday, May 7th, the Federal Financial Institutions Examination Council (FFIEC) held a webinar to promote cybersecurity preparedness for community financial institutions. At this webinar, the FFIEC announced that it is planning cybersecurity-related vulnerability and risk mitigation assessments, as well as a regulatory self-assessment of supervisory policies and processes, to be conducted later this year.

The goal of these assessments will be to help the FFIEC member agencies, such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp, “make informed decisions about the state of cybersecurity across community institutions and address gaps and prioritize necessary actions to strengthen supervisory programs.”

The FFIEC recommended the following high-level goals for executive leadership of community institutions:

  • Company leadership sets the tone for a culture of security.
  • Identify, measure, mitigate, and monitor risks.
  • Risk management processes scaled to risks and complexity of the individual institution.
  • Align cybersecurity strategy with current and future business strategy.
  • Create a governance process that ensures ongoing awareness and accountability.
  • Timely reports to senior management that include the institution’s vulnerability to cyber-risks.

The latest guidance provided by the FFIEC sends a clear signal that financial institutions, regardless of their size, provide entry points that are susceptible to cybersecurity attacks, and that all regulated institutions should therefore be vigilant and able to manage cybersecurity risks in line with their complexity and risk profile.

For more information, the FFIEC has issued a press release as well as a link to the webinar on their website at http://www.ffiec.gov/press/pr050714.htm

 

References:

http://ffiec.bankinfosecurity.com

http://www.ffiec.gov/press/pr050714.htm