Member News, News

Pepper Client Alert: FFIEC Increasingly Focuses on Cybersecurity Awareness

The Federal Financial Institutions Examination Council (FFIEC), under the leadership of its Chairman Thomas J. Curry, is increasingly focused on cybersecurity risks to financial institutions. At the end of June 2014, the FFIEC created a cybersecurity awareness Web page that assembles the key information about cybersecurity risks to financial institutions. Please note that of the six FFIEC members, the Consumer Financial Protection Bureau is now included as a voting member of the FFIEC, along with the other federal prudential regulators. FFIEC has important interagency powers with respect to prescribing uniform principles, standards, and report forms for the federal examination of financial institutions. Additionally, FFIEC conducts schools for examiners employed by the five federal agencies represented on FFIEC and makes those schools available to state agencies that supervise financial institutions. FFIEC also has additional responsibilities to facilitate public access to data that depository institutions must disclose under the Home Mortgage Disclosure Act of 1975 (HMDA) and the aggregation of annual HMDA data.

In addition to Chairman Thomas J. Curry, Comptroller of the Currency, Office of the Comptroller of the Currency, the other members of FFIEC are:

  • Daniel K. Tarullo, Governor of the Federal Reserve System
  • Martin J. Gruenberg, Chairman of the Federal Deposit Insurance Corporation
  • Richard Cordray, Director of the Consumer Financial Protection Bureau
  • Debbie Matz, Chairman of the National Credit Union Administration, and
  • David J. Cotney, Chairman of the State Liaison Committee (SLC).

The SLC is tasked with encouraging uniform examination principles and standards by the state and federal supervisory authorities. The committee is composed of five representatives of state supervisory agencies. The SLC’s Chairman Cotney, who is the Commissioner of Banks of the Commonwealth of Massachusetts Division of Banks, was reappointed to the SLC and renamed as Chairman of the SLC in May 2014, after having served on the SLC since October 2010. In addition to Cotney, the other members of the SLC currently include:

  • Thomas Candon, Deputy Commissioner of Banking and Securities of the Vermont Department of Financial Regulation
  • Karen K. Lawson, Director of the Office of Banking for the Michigan Department of Insurance and Financial Services
  • Lauren Kingry, Superintendent of the Arizona Department of Financial Institutions, and
  • Michael Mach, Division of Banking Administrator for the Wisconsin Department of Financial Institutions.

Pepper Points: A consistent theme and ongoing point of emphasis of the FFIEC under Chairman Curry is to prepare for risks associated with cybersecurity matters. FFIEC is looking to raise awareness about the pervasiveness of cyberthreats and to identify sound executive leadership (board and senior management) approaches to manage such risks. In our view, FFIEC will continue to focus on identifying, measuring, mitigating, and monitoring risks in connection with cybersecurity issues as well as other emerging issues of supervisory concern. Financial institution senior management and board members need to develop a review of the institution’s responsiveness to potential cybersecurity threats, after consultation with outside IT and legal professionals.A Publication of Pepper Hamilton LLP – a Founding member of the EACCNY | Written by:  Timothy R. McTaggart and Yuliya Benina