ABA, BPI desire FFIEC to welcome industry-developed Cyber Profile

In a letter to the Federal Financial Institutions Examination Council previously this month, ABA and the Bank Policy Institute used feedback on the FFIEC Cybersecurity Assessment Tool, a voluntary tool established in 2015 to assist banks evaluate their cyber danger and readiness. Emphasizing that the tool ought to continue to be a voluntary resource, they got in touch with the council to utilize other cybersecurity tools that have actually been developed given that the release of the feline, consisting of the Cyber Risk Institute Profile, which was developed with aid of ABA and BPI and is continuously upgraded.

“[L]everaging the CRI Profile would provide greater opportunity for financial institutions to minimize the burden to responding to numerous bespoke exams, as well as provide regulators with greater visibility into systemic risk by using a widely adopted cyber control assessment and assurance that examiners and financial institutions are speaking the same language,” the groups composed. “By basing examinations on existing and widely-recognized standards, government agencies would be better positioned to hire examiners because a larger pool of potential candidates are familiar with the baseline examination expectations.”

They even more suggested that FFIEC motivate inspector training on other international requirements and structures for cyber danger evaluation, consisting of the National Institute for Standards and Technology’s Cybersecurity Framework, to which the CRI Profile is lined up.


A news media journalist always on the go, I've been published in major publications including VICE, The Atlantic, and TIME.

Related Articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button