OCC Bulletin 2014-53 | November 3, 2014
Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties
The Federal Financial Institutions Examination Council¹ (FFIEC), on behalf of its members, today released the "FFIEC Cybersecurity Assessment General Observations" and the "Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement." These documents address findings from the 2014 Cybersecurity Assessment pilot examination work program. These documents also encourage regulated financial institutions to participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).
"Cybersecurity Assessment General Observations" includes questions for community bank boards of directors and senior management to consider when assessing their cybersecurity risk.
Participation in information-sharing forums is an important element of community banks' risk management processes and their ability to identify, respond to, and mitigate cyber threats and incidents.
National banks and federal savings associations (collectively, banks) need to understand their inherent cybersecurity risks and consider current practices and overall preparedness, focusing on the following:
Information sharing is an important element of a bank's risk management processes and its ability to identify, respond to, and mitigate cyber threats and incidents.
Banks are expected to
During the summer of 2014, FFIEC members piloted the Cybersecurity Assessment, a cybersecurity examination work program, at more than 500 community institutions to evaluate those institutions' preparedness to mitigate cybersecurity risks.
Rapidly evolving cyber risks reinforce the need for all institutions and their critical technology service providers to have appropriate methods for monitoring, sharing, and responding to threat and vulnerability information, including participation in the FS-ISAC.
Please contact the Operational Risk Division at (202) 649-6550.
Carolyn G. DuChene, Deputy Comptroller for Operational Risk
¹ The FFIEC members are the Board of Governors of the Federal Reserve System, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the State Liaison Committee.