Regulators Identify Risk Area for 2015 Operational Risk is 2nd Highest

The FFIEC has listed its cyber-security priorities for 2015.(1) Directors and management should consider how these upcoming steps may affect their bank. In recent presentations regulators have identified cybersecurity risk as a bank’s second-highest overall risk, behind only interest-rate risk. Does your board give cybersecurity risk the attention that examiners are expecting?

FFIEC Releases Two Statements on Cybersecurity

Regulators are continuing to emphasize that bank CEOs and directors must understand the risks
they are undertaking with regard to cyber security, the same as understanding credit, liquidity and
other risks inherent in banking.

Are You Performing Due Diligence on Your Vendors’ Vendors?

You may be surprised to learn that many of your bank’s vendors actually outsource to a third party certain critical functions that you perhaps believed your vendor was directly performing for you. As an example, your vendor may not be directly providing a secure e-mail system for you, but instead uses a third party company to host and support your secure e-mail. Maybe your vendor offers data storage for your bank—but your vendor doesn’t provide that service directly.

A Critical Deadline Is Approaching to Replace Your Windows Server 2003.

The countdown to July 14, 2015, is on. That’s the rapidly-approaching date when Microsoft ends support for its popular Windows Server 2003.

Has your bank upgraded to new servers yet? Lots of banks haven’t. Analysts are predicting that many businesses will ignore the deadline and continue operating with the familiar and stable Windows Server 2003. But the consequences could be very serious.