Skip to main content
Home Insights Financial Services Blog Tougher Scrutiny on Cybersecurity at Banks in 2016
  • Finance
  • November 17, 2015
Mortgage Crisis & Financial Services Watch Blog

Tougher Scrutiny on Cybersecurity at Banks in 2016

Philip R. Stein

Cybersecurity has been a focus as part of bank exams for years. Now the Federal Deposit Insurance Corp. (FDIC) is increasing its scrutiny of banks’ cybersecurity practices to ensure that the issue is getting appropriate attention from bank executives and boards. Bank regulators are planning to make cybersecurity a higher priority during bank exams as early as the second quarter of next year. The FDIC will revise its community bank examination program to break cybersecurity out as its own separate issue in examination comments.

Regulators want to ensure that there is an understanding of “cyber risk as it overlays into business decisions that you make at the board level,” an FDIC risk management official recently commented. Though outdated data security systems have typically been viewed as a “budget capital improvement” matter, the threat environment has changed. Now, the FDIC’s approach has changed along with it.

If an institution has a cyber-breach, “it will not be a capital event; it will be an operational event” and compared to a liquidity problem, according to the FDIC. The FDIC’s shift in approach follows the release of a cybersecurity assessment tool that was published by the Federal Financial Institutions Examination Council earlier this year. The tool maps to the National Institute of Standards and Technology’s cybersecurity framework and helps guide banks as they assess their cybersecurity defenses. It is voluntary, but examiners will be using it in the field when assessing banks.

“Use of the tool is optional, but in reality the bankers are saying that when the examiners come into their institutions that they are asking to see whether they have completed the self-assessment and asking to look at its contents,” said Pamela Perdue, executive vice president of regulatory operations at Continuity, a compliance management solutions provider for community banks.

Other changes to the bank exam process will include the addition of a questionnaire that a bank will get roughly three months before an exam. An institution will have two weeks to fill out the seven-page form, which will replace a phone call or interview that has been done in the past. The FDIC will also drop the 15-page IT officers’ questionnaire.

The FDIC is also working on similar changes to exams for third party service providers and creating an assessment tool for them. The agency wants banks to review their contracts with third party service providers and make sure the contracts and performance meet their expectations. This underscores how serious an issue cybersecurity has become to regulators, and the scrutiny that banks can face even when they receive IT related services from third-party providers.

The FDIC is in the process of finalizing the new exam program and once approved, a pilot test program will be used in selected offices in the first quarter of 2016 with implementation planned for mid-2016.

Related Practices
Finance Data Privacy & Security
YOU MIGHT ALSO LIKE
Press Release May 21, 2025
Builders Association of South Florida Recognizes Brian Adler and Howard Nelson
The Builders Association of South Florida (BASF), the local affiliate of both the Florida Home Builders Association and the National Association of Home Builders, has awarded Brian S. Adler and Howard E. Nelson with its President's Award.
Press Release May 20, 2025
Bilzin Sumberg Wins MDFAWL Champion of Women Award
Bilzin Sumberghas been awarded the 2025 Champion of Women Award presented by the Miami-Dade Chapter of the Florida Association for Women Lawyers (MDFAWL).
Development Conference May 15, 2025
Evolving Approaches to Public-Private Partnerships in Florida
Eric Singer moderates the panel Evolving Approaches to Public-Private Partnerships in Florida at Bilzin Sumberg’s Development Conference. The panel discusses the key challenges and opportunities that P3s present public agencies, private developers, and operators alike, as P3s are creatively de...
VIEW MORE