ALEXANDRIA, Va. (7/2/14)--While data breaches at retailers have made headlines recently, financial institutions of all sizes are vulnerable to cyberattacks. With that in mind, the Federal Financial Institutions Examinations Council (FFIEC) has launched a pilot program to assess 500 financial institutions' supervisory policies and processes when it comes to cybersecurity.
The assessments will be used to develop a preliminary assessment of how community financial institutions manage cybersecurity, said National Credit Union Administration spokesman John Fairbanks. Credit unions represent about half of the institutions being examined. These credit unions range from small to very large asset sizes.
"This pilot is one of several FFIEC assessments that will ultimately benefit community financial institutions by assisting regulators in strengthening and standardizing our supervisory programs and being responsive to industry requests for supervisory guidance," Fairbanks said. "The assessments under the FFIEC pilot program are being done during the normal exam cycle using existing rules and regulations."
Should the assessments lead the NCUA to identify policies and procedures that do not meet legal requirements or supervisory expectation, the institution will be notified and concerns will be handled as they would normally be during a standard exam.
In announcing the pilot program in May, the FFIEC said its members want to provide additional support to community banks, which may not have access to the resources available to larger institutions.
NCUA Chair Debbie Matz recalled one incident in her February address at the Credit Union National Association's Governmental Affairs Conference in which hackers broke into a medium-sized credit union and used that credit union's passwords to access a large credit bureau, allowing them to steal credit reports from hundreds of consumers.
"These attacks are like poison-tipped darts. Where they hit doesn't matter. Once that poison hits your bloodstream, it moves quickly through the system," she said.
The FFIEC, which in addition to the NCUA counts as its members the Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, Federal Deposit Insurance Corp., Federal Reserve Board and a liaison committee of state regulators, has said that the pilot program will not result in any new examination rating.