Alert - SolarWinds Orion Platform Software IT Incident
On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding active exploitation of the SolarWinds Orion Platform. See https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software. All financial institutions should be assessing the risk to their systems and implementing necessary remediation measures.
Financial Institutions are encouraged to obtain updates and threat and vulnerability information from the Cybersecurity and Infrastructure Security Agency at http://www.cisa.gov or through the Financial Services Information Sharing and Analysis Center (FS-ISAC) at http://www.fsisac.com.
Below are links to additional resources that financial institutions may refer to as they conduct their risk assessments and determine applicable remediation steps.
2021 Bank Holidays (PDF)
FDIC Coronavirus Information for Bankers and Consumers
Federal Reserve Resources for Coronavirus
Department Office Closure Communication
Please see the attached PDF or the instructions below.
Advisory: The physical locations for the Department of Banking and Securities are currently closed. We are maintaining operations through electronic communication. Please review the below information for operational changes during this time.
Branch Operations: Notifications of temporary changes to branch operations should follow the same procedures as severe weather incidents. An email indicating which locations are affected, which operations at each location are being changed or limited, the expected duration, and any other relevant information should be sent to your assigned Case Manager or, in the alternative, your Exam Field Supervisor.
Mail: Any document that will be mailed to the Bureau of Bank Supervision must also be sent electronically to the following email address: RA-BNBankSupervision@pa.gov. Any bank that sent documents via mail within the last three (3) days should re-send those documents electronically to the aforementioned email address. If you have a concern about documents mailed recently, please contact Sheila Hughes at (717) 783-8240 or by email at email@example.com.
Filings/Applications: All checks should continue to be sent to the Bureau of Bank Supervision through regular mail with the original filing. Electronic copies of the original filing and a copy of all applicable checks must be sent electronically to the following email address: RA-BNBankSupervision@pa.gov. General questions regarding filings should be addressed to Sheila Hughes at (717) 783-8240 or by email at firstname.lastname@example.org. You may also contact your assigned Case Managers for specific questions:
Jessica Delaney, Case Manager: (717) 503-6179 or email@example.com
Alison Cestello, Case Manager: (412) 565-7519 or firstname.lastname@example.org
Donna Weller, Case Manager: (717) 783-2497 or email@example.com
Examinations: Questions regarding examinations should be directed to the assigned EIC or your Field Supervisor and/or Mary Rutkowski, Field Examinations Chief at (717) 503-5574 and firstname.lastname@example.org.
Jessica Kessock, Field Supervisor: (717) 412-8100 or email@example.com
Michael Goffredo, Field Supervisor: (717) 439-2194 or firstname.lastname@example.org
2020 Bank Holidays Information (PDF)
Secretary's Letter on LIBOR Transition (PDF)
The Department urges state-regulated banks, credit unions, and financial services companies to take action and prepare for the replacement of London Interbank Offered Rate (LIBOR).
Deputy Secretary’s Letter (PDF) regarding Internal Audit Programs for Financial Institutions (PDF)
Secretary's Letter on Cybersecurity (PDF)
The Department continues to work collaboratively with federal regulators, other states' financial regulators, and other Commonwealth agencies to address cybersecurity challenges.
Federal Government Principles on Responding to Cyber Incidents
A Presidential Policy Directive (PPD-41) released on July 26, 2016, sets forth principles governing the federal government’s response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, PPD-41 also establishes lead federal agencies and an architecture for coordinating the broader federal government response. Learn more: http://bit.ly/2aeAUtZ
The Federal Financial Institutions Examination Council (FFIEC) members have issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The IT Handbook is available here.
2018 Annual Audit Reports Due
Read the Deputy Secretary's Letter on 2018 Annual Audit Report (PDF) for banks, bank & trust companies, and savings banks:
email to email@example.com.
Trust companies should email RA-BNTrustAudit@pa.gov
2019 Oaths and Rosters Due
The department has issued a Deputy Secretary’s letter regarding the Accumulated Other Comprehensive Income (AOCI) opt-out election on your institution’s March 31, 2015, Call Report. An institution that is not an advanced approaches institution must choose to either opt out or not opt out of the requirement to include most components of AOCI in common equity tier 1 capital. The election is irrevocable. Please review the Deputy Secretary’s letter (PDF) for important information.