In a letter to the Federal Financial Institutions Examination Council earlier this month, ABA and the Bank Policy Institute offered feedback on the FFIEC Cybersecurity Assessment Tool (CAT), a voluntary tool established in 2015 to help banks assess their cyber risk and preparedness. Emphasizing that the tool should remain a voluntary resource, they called on the council to make use of other cybersecurity tools that have been developed since the release of the CAT, including the Cyber Risk Institute Profile, which was developed with the help of ABA and BPI and is continuously updated.
“[L]everaging the CRI Profile would provide greater opportunity for financial institutions to minimize the burden to responding to numerous bespoke exams, as well as provide regulators with greater visibility into systemic risk by using a widely adopted cyber control assessment and assurance that examiners and financial institutions are speaking the same language,” the groups wrote. “By basing examinations on existing and widely-recognized standards, government agencies would be better positioned to hire examiners because a larger pool of potential candidates are familiar with the baseline examination expectations.”
They further recommended that FFIEC encourage examiner training on other international standards and frameworks for cyber risk assessment, including the National Institute of Standards and Technology’s Cybersecurity Framework, with which the CRI Profile is aligned.