July 25, 2014

Federal Financial Institutions Examination Council (FFIEC) Member Agencies and State of New York to Focus Attention on Cybersecurity

On May 7, 2014 the Federal Financial Institutions Examination Council (FFIEC) highlighted regulatory efforts to enhance financial institutions’ cybersecurity during a webinar for approximately 5,000 chief executive officers and senior managers from community financial institutions. The FFIEC has six voting representatives of member agencies including the Board of Governors of the Federal Reserve System, the Chairman of the Federal Deposit Insurance Corporation, the Chairman of the Board of the National Credit Union Administration, the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau and the Chairman of the State Liaison Committee. The FFIEC offered this webinar “to raise awareness about the pervasiveness of cyber threats, discuss the role of executive leadership in managing these risks, and to share actions being taken by the FFIEC.”

FFIEC announced a vulnerability and risk-mitigation assessment as well as a regulatory self-assessment of supervisory policies and processes. “These assessments will be conducted later this year and will help the FFIEC member agencies make informed decisions about the state of cybersecurity across community institutions and address gaps and prioritize necessary actions to strengthen supervisory programs. FFIEC members want to provide additional support to community banks, which may not have access to the resources available to larger institutions.” 

FFIEC highlighted key focus areas for senior management and boards of directors of community institutions as they assess their institutions’ abilities to identify and mitigate cybersecurity risks, including:

  • setting the tone from the top and building a security culture;

  • identifying, measuring, mitigating and monitoring risks;

  • developing risk management processes commensurate with the risks and complexity of the institutions;

  • aligning cybersecurity strategy with business strategy and accounting for how risks will be managed both now and in the future;

  • creating a governance process to ensure ongoing awareness and accountability; and

  • ensuring timely reports to senior management that include meaningful information addressing the institution’s vulnerability to cyber risks.

The basic materials utilized in the presentation from the webinar are available on the FFIEC website

In related news, Gov. Andrew Cuomo announced on May 6 that he has asked the New York Department of Financial Services to conduct cybersecurity assessments of financial institutions to ensure that they are appropriately protecting sensitive customer data. State-chartered banks, credit unions and foreign banks whose US headquarters are in New York will all be subject to the examinations. 

Read more.

©2014 Katten Muchin Rosenman LLP

About the Author

Jeffrey M. Werthan, Mergers Acquisitions Attorney, Katten Muchin law firm

Jeffrey M. Werthan is head of the firm’s Banking practice. He has extensive experience representing clients in connection with bank formations, both public and private capital raises, mergers and acquisitions of financial institutions, compensation for financial institution executives and bank regulatory and enforcement issues.


Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 4700 Gilbert Ave. Suite 47 #230 Western Springs, IL 60558  Telephone  (708) 357-3317 If you would ike to contact us via email please click here.