banking Cybersecurity resources
Federal Financial Institutions Examination Council (FFIEC)
On June 30, 2015, the FFIEC issued a Cybersecurity Assessment Tool to assist institutions in assessing their level of cybersecurity risk and preparedness. The Department encourages its regulated banking institutions to utilize the assessment tool to ensure that institutions are assessing and addressing cybersecurity risks. Institutions may directly access the cybersecurity resources provided by the FFIEC, including the Cybersecurity Assessment Tool, through the links below:
The Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve Board have both issued supervisory letters regarding the issuance of the Cybersecurity Assessment Tool. Those documents may be accessed through these links:
Conference of State Banking Supervisors (CSBS)
CSBS has also developed a webpage specifically designed for information regarding cybersecurity which can be accessed through the link below.
Cybersecurity guide for bank Chief Executive Officers.
Corporate Account Takeovers:
Corporate Account Takeovers (CATO) are a method of identity theft where criminals "take over" a
business customer's bank account(s) and seek to initiate fraudulent wire and ACH transactions.
CSBS has developed a webpage designed to promote awareness of the risks associated with
CATO and to provide best practices for institutions.
National Credit Union Administration (NCUA)
NCUA recognizes the importance of cybersecurity and using the web safely and securely.
Information Technology Examinations:
The FFIEC Examiner Education Office makes available online an information technology examination resource called the FFIEC InfoBase. The InfoBase contains introductory, reference, and educational training materials on certain information technology topics for field examiners. Contained within the InfoBase are links to Information Technology Handbooks that are updated and maintained electronically. Institutions may find the information contained within these resources helpful when reviewing their information technology policies and procedures.
Institutions may also directly access the individual IT Handbooks by topic through the following links: