FFIEC's 2015 Cybersecurity Priorities

May 1, 2015

FFIEC LogoThe Federal Financial Institutions Examination Council (FFIEC) in March provided an overview of its cybersecurity priorities for the remainder of 2015. The FFIEC consists of the Federal Reserve Board, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, Federal Deposit Insurance Corp., NCUA, and the State Liaison Committee.

The priorities include seven “workstreams” that stem from the FFIEC’s 2014 pilot assessment of cybersecurity readiness at more than 500 financial institutions.

The FFIEC agencies plan to:

  • Issue a cybersecurity self-assessment tool this year to assist institutions in evaluating their inherent cybersecurity risk and their risk management capabilities.
  • Enhance their processes for gathering, analyzing, and sharing information with each other during cyber incidents.
  • Align, update, and test emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships.
  • Develop training programs for agency staff on the evolving cyberthreats and vulnerabilities.
  • Update the FFIEC Information Technology Examination Handbook with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.
  • Expand their focus on technology service providers’ ability to respond to growing cyberthreats and vulnerabilities.
  • Build upon existing relationships with law enforcement and intelligence agencies to share information on the growing cybersecurity threats and response techniques.

For more information, visit