Members of the US Federal Financial Institutions Examinations Council (FFIEC) are being urged to include cybersecurity in exams sat at more that 500 community institutions, including credit unions, it has been revealed.
A new programme run by PolicyWorks, which is affiliated with the Iowa Credit Union League, is calling for the Office of the Comptroller of the Currency, the Federal Reserve Board, the FDIC, the CFPB and the NCUE to prioritise compliance and security issues in their assessments.
“Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience. Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance and examiner training,” the FFIEC said in an announcement.
FFIEC examiners now ask about topics including crisis management plans and business impact analyses, job descriptions, IT audit reports and exception tracking, cybersecurity training, physical access controls such as key cards, biometrics and video cameras, network access controls such as patch management and vulnerability assessments, and access by and management of third-party vendors.
“FFIEC members will continue to assess the risks of cyberattacks to financial institutions and use the information gathered through a number of sources to determine the appropriate next steps and identify potential gaps in financial supervision,” said the council.
Lindsey Richardson, Compliance Officer at PolicyWorks, welcomed the move. “This is one instance where I hope examiners will find something so we can all come together as an industry to create a more secure environment,” she said. “A few years ago, you would see controls such as dual-factor authentication as a sufficient security program. Nowadays it’s trending toward multifactor authentication, biometrics and more.”
“With all the data breaches and the new products and services that are coming out every day, this is definitely an area where more controls are needed,” she added.
The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.
As the May 25 deadline for Europe’s General Data Protection Regulation (GDPR) inches closer, many treasurers are being lumped with the task of ensuring their wider company is compliant.
APIs may be a solution to MT940 challenges, says Karen Fagan, treasury operation manager, for British television company, ITV.
#PSD2FinishLine recently started trending on Twitter. As the country slowly grows in excitement throughout the month of November, with the C-word on ... read more