Cybersecurity insurance, also known as cyber risk insurance, cyber liability insurance or data-breach liability insurance, helps an institution recover from the financial losses related to a security breach or other cyber event. Regulators don’t require cybersecurity insurance. That doesn’t mean you don’t need it, though. The global average cost of a […]
Does your institution need cybersecurity insurance? Is it required? If utilized, are there rules? Cybersecurity insurance can protect against financial loss in the event of a cyber incident, but there are many intricate details. The Federal Financial Institutions Examination Council (FFIEC) members have provided a joint statement to help financial institutions understand how cyber insurance […]
Bankers and credit union executives are always eager to find out what bank examiners want. It’s like there’s an answer key out there and if they ask around enough someone will hand them a copy. But regulatory exams aren’t multiple choice. They are (almost literally) essay questions, and regulators expect different answers from different institutions. […]
Customers don’t want to hear that a data center across the country flooded, a cyberattack overwhelmed systems or a piece of equipment failed. In their eyes, it’s your fault. Regulators feel that way too. That’s why transaction risk is one of the 10 biggest vendor management risks facing financial institutions.
Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address third-party vendor risk throughout every department in your financial institution. #3 Cybersecurity Risk In […]
If you think it’s tricky to keep track of the rules and regulations of your regulatory agency, imagine having to follow the legal, regulatory and operational requirements of foreign countries.
That’s exactly what needs to happen if a vendor is conducting any segment of your business in another country. Country risk is “an exposure to economic, social, and political conditions in a foreign country that could adversely affect a vendor’s ability to meet its service level requirements,” according to the FFIEC’s Appendix C: Foreign-Based Third-Party Service Providers.
Remember when you were in college and had to decide if you’d do the recommended reading for a class? It wasn’t exactly mandatory, but you never knew if that material would show up on a test. You were taking a risk if you chose to ignore it. Financial institutions run the same risk today if […]
With the FFIEC’s November 2015 release of the organization’s IT Technology Examination Handbook, many financial institutions’ board members get a big surprise. In section I.A.1 Board of Directors Oversight, under I.A – IT Governance, it requires FI boards of directors to take a more active role in understanding and managing their financial institution’s IT vendors, […]
In addition to the existing 2008 Handbook on Business Continuity Planning (BCP), the FFIEC has just issued a 16-page addendum offering new BCP guidance. The addendum is aptly titled “Strengthening the Resilience of Outsourced Technology Services”. It starts by emphasizing that outsourced relationships with third-party service providers (TSPs) are an efficient way […]