The Federal Financial Institutions Examination Council (“FFIEC”) has released a Cybersecurity Assessment Tool to assist financial institutions with identifying their risks and preparedness for potential cybersecurity breaches.
The release of the self-assessment tool follows a one-year pilot program at more than 500 financial institutions. Use of the tool is voluntary, although the inclusion of information directed specifically to Boards of Directors and CEOs signals the FFIEC’s expectation that senior management be involved in cybersecurity risk management.
In addition, the FFIEC noted that the tool will be used by the Office of the Comptroller of the Currency and the Board of Governors of the Federal Reserve System in future regulatory examinations.
The FFIEC Cybersecurity Assessment Tool includes:
Inherent Risk Profile — enables a financial institution to determine its overall risk profile by assessing five categories of potential risk, including:
- Technologies and Connection Types
- Delivery Channels
- Online/Mobile Products and Technology Services
- Organizational Characteristics
- External Threats
Cybersecurity Maturity — enables a financial institution to gauge its readiness across five domains, including:
- Cyber Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience
A comprehensive User’s Guide and Glossary are also included with the Cybersecurity Assessment Tool, as well as instruction on how management should review the relationship between their Inherent Risk Profile and Cybersecurity Maturity to identify potential areas of vulnerability.
The FFIEC noted that there is no single maturity level expected of all financial institutions, but that, “If management determines that the institution’s maturity levels are not appropriate in relation to the inherent risk profile, management should consider reducing inherent risk or developing a strategy to improve the maturity levels.”
The attorneys at Glass & Goldberg in California provide high quality, cost-effective legal services and advice for clients in all aspects of commercial compliance, business litigation and transactional law. Call us at (818) 888-2220, send an email inquiry to firstname.lastname@example.org or visit us online at glassgoldberg.com to learn more about the firm and to sign up for future newsletters.