Your Bank’s Board is Referenced 40 times in the FFIEC’s Newest Release

With regulators commenting over the past 24 months that information security is the biggest threat banks face today, more and more emphasis is being placed on the bank’s board of directors. Regulators expect the directors to effectively manage your bank’s technology risk, similarly to how the board manages credit, interest rate, liquidity and other risks your bank faces.

This was recently reinforced when the Federal Financial Institutions Examination Council (FFIEC) member agencies issued the newly revised Information Security Booklet. Throughout the nearly 100-page release, the bank’s board is named 40 times in reference to activities and responsibilities your board should be performing.

The newly revised booklet addresses the necessary factors to assess the level of security risks to a financial institution’s information systems. The booklet also contains updated examination procedures to help examiners evaluate the adequacy of the information security program’s integration into overall risk management.

Information security exists to provide protection from actions and events that increase the risk of impaired earnings, reduced capital and decreased shareholder value. Institutions should maintain effective information security programs commensurate with their operational complexities. Such programs require strong board and senior management support to be successful in reducing risk and meeting regulatory expectations.

Last year, the FFIEC had more releases on information technology than on any other topic, and there are likely to be more releases on information technology later in 2017.

Are you comfortable that the people and outside firms that help you with your bank’s information technology are up to the task of meeting the ever increasing risks and the increased regulatory requirements? What is your board’s plan to address this latest release?

Have questions? Call us; we’ll be happy to review your current capabilities and discuss with your board strategies for reducing financial, regulatory and reputational risk your bank faces with its technology systems.

Please contact us at 800-498-8877, option 2, or at


Banks with the FDIC as their primary federal regulator are encouraged to read the recent post concerning changes the FDIC made to its IT examination process.

FFIEC Information Security Handbook