FFIEC Release - Update to Cybersecurity Assessment Tool

The FFIEC released an update to the Cybersecurity Assessment Tool (Assessment) on May 31, 2017. This update aligns the Assessment with prior changes the FFIEC made to its IT Examination Handbook by providing a revised mapping in Appendix A of the Assessment that matches updates made by the FFIEC in 2016 to the Information Security and Management booklet.

The updated Assessment also provides additional response options, allowing financial institution management to include supplementary or complementary behaviors, practices and processes that represent current practices of the institution in supporting its cybersecurity activity assessment. Member agencies (FDIC, OCC, FRB and NCUA) developed the Assessment in 2015 to help financial institution management determine an institution's risk profile, inherent risks and cybersecurity preparedness. The Assessment provides a repeatable and measurable process that financial institution management may use to measure cybersecurity preparedness over time.

Action Required:
For BankOnIT Client Banks: Banks that have adopted the BankOnIT-provided Assessment template have no further action needed at this time.

Non BankOnIT Banks: Review the FFIEC release and make changes to the Assessment if the release creates a substantive impact on the bank’s Assessment (estimated time: 15 -45 hours).

Although the FFIEC states that use of the tool is voluntary, numerous State banking departments require the Assessment to be completed, and Federal regulatory examiners commonly expect a bank to have completed the Assessment.

BankOnIT strongly encourages each bank to complete the Assessment if it has not already done so. BankOnIT provided client banks a completed Assessment template for their use after the Assessment’s original release in June of 2015.

BankOnIT is currently reviewing the revised mapping in Appendix A of the FFIEC release to determine what changes are needed. If it’s determined that a change is necessary, BankOnIT will follow up with a revised Assessment template for its client banks.

Should you have questions please contact BankOnIT at 800-498-8877, option 2, or, to get in contact with our regulatory and audit assistance personnel.