The Federal Financial Institutions Examination Council has started its cybersecurity assessment pilot program, which will examine more than 500 community banking institutions. Plus, the council has launched a Web page dedicated to cybersecurity information.
The pilot program is slated to run through July, says Stephanie Collins, spokesperson for the Office of the Comptroller of the Currency.
The aim of the pilot program is to help smaller banking institutions address potential security gaps. The assessments will be conducted by state and federal regulators during regularly scheduled examinations, the FFIEC says.
“Information from the pilot effort will assist regulators in assessing how community financial institutions manage cybersecurity and their preparedness to mitigate increasing cyber risks,” the council says.
Areas the regulators will be focusing on during the cyber-assessments include risk management and oversight; threat intelligence and collaboration; cybersecurity controls; service provider and vendor risk management; and cyber-incident management and resilience.
“Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance and examiner training,” the FFIEC says.
Institutions to be examined include those with less than $10 billion in total assets. The exams will also look at limited-purpose chartered institutions, including trust banks and community development banks, as well as credit unions, Collins at the OCC says.
During a recent webinar held for approximately 5,000 CEOs and senior managers from community financial institutions, the FFIEC highlighted key focus areas for senior management and boards of directors as they assess their institutions’ ability to identify and mitigate cybersecurity risks, including:
The council did not immediately respond to a request for additional information, including details of when the pilot program will end and be replaced with a permanent program.
The FFIEC’s new cybersecurity Web page will serve as a central repository for relevant materials, offering links to joint statements, webinars and other information to assist financial institutions.
“While information security has been a core focus of supervision for decades, the FFIEC members are taking a number of steps to raise awareness of cybersecurity risks at financial institutions and the need to identify, assess and mitigate these risks in light of the increasing volume and sophistication of cyberthreats that pose risks to all industries in our society,” the FFIEC says.