Credit union

What to Know About the FFIEC’s Cybersecurity Assessment Tool FAQ

Back in 2015, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool. Designed to assist financial institutions of all sizes identify and assess risks and weaknesses in their cybersecurity posture, it has notably been met with widespread confusion and complaints. The FFIEC has recently tried to clear some of this up by releasing a “Frequently Asked Questions” guide to the tool, with mixed results. Original Concerns These complaints include everything from critiques on the effectiveness of the tool to confusion over whether it is truly voluntary or not and frustration over the amount of time needed to collect and input data into the tool itself. Banking institutions have also been wondering exactly how this tool should be

Read More »


The forthcoming cybersecurity guidance from the Federal Financial Institutions Examination Council is expected to focus on people and processes that defend against specific types of threats, Future IT examinations for all sizes of banking institutions will include reviews of employee awareness of security threats, the depth and breadth of an institution’s training programs, patching policies, and – especially – securing mobile banking. When will the guidance be released? There is no date set as yet for when the guidance will be issued, but all indications point to 2015. Congressional pressure on industries to address the growing numbers of data breaches, combined with the banking industry’s strong interest in delivering mobile services, will likely push the FFIEC to move forward comparatively quickly with

Read More »