FFIEC Details How FIs Must Manage Cyber Risk

The Federal Financial Institutions Examination Council has released updated cybersecurity guidance for examiners at financial institutions.

In the revised "information security" section of its handbook for examiners, the FFIEC details how banks and credit unions are expected to manage cybersecurity risk.

Institutions are expected to manage their information technology risk at several levels, the FFIEC said in a Friday statement. Those range from "risk identification" to "risk measurement" to "risk mitigation" and "risk monitoring and reporting."

Banks and credit unions are also encouraged to develop effective responses to both threats and incidents.

The guidance will "help examiners measure the adequacy of an institution's culture, governance, information security program, security operations, and assurance processes," the FFIEC said.

The FFIEC, which helps coordinate bank examinations, is made up of the heads of the Federal Reserve, the Federal Deposit Insurance Corp., the Consumer Financial Protection Bureau, the Comptroller of the Currency, and the National Credit Union Administration.

In June, the inter-agency organization urged FIs to "actively manage the risks associated with interbank messaging and wholesale payment networks," in light of recent SWIFT breaches that led to the cybertheft of $81 million from Bangladesh's central bank.
