On June 30, 2015, the Office of the Comptroller of the Currency (“OCC”) announced in OCC Bulletin 2015-31 that the Federal Financial Institutions Examination Council (“FFIEC”) issued a Cybersecurity Assessment Tool that would allow institutions to evaluate their risks and cybersecurity preparedness.
Cybersecurity Efforts Turn Focus to Financial Institutions, Technology Service Providers and “Cyber Resilience”
Financial institutions around the country recently received cybersecurity guidance in the form of a new appendix to the Federal Financial Institutions Examination Council’s (“FFIEC’s”) Business Continuity Planning Booklet, which is part of its Information Technology Examination Handbook. In the guidance, the FFIEC places the onus on financial institutions, their boards of directors, and senior management to manage the cybersecurity risks, recovery services, testing programs, and “cyber resilience” associated with outsourced or third-party technology services. The guidance came just a week before another important event for financial and other institutions: the White House Summit on Cybersecurity and Consumer Protection, held at Stanford University on Friday, February 13, 2015, which featured government and industry leaders, including those from financial institutions, as attendees and speakers.
The FFIEC is the federal interagency body tasked with setting forth uniform principles, standards, and forms for examining and supervising financial institutions. In that capacity, the FFIEC provides guidance on “business continuity planning,” that is, how financial institutions will recover and resume their businesses after an unexpected disruption, which, in today’s world, necessarily includes cyber breaches and attacks.
Here is our take on the FFIEC’s recent round of updates: