Under the pilot program, which will include banks that were already scheduled for exams between June 16 and July 11, federal and state regulators will perform baseline assessments of the banks’ cyber risks and preparedness, including exposure to vendors. Regulators have advised bankers that findings in the pilot will not result in a ratings change. Regulatory agencies also will examine their own supervision practices and guidance to ensure appropriate response.
The council said:
FFIEC members will continue to assess the risks of cyber attacks to financial institutions and use the information gathered through a number of sources to determine the appropriate next steps and identify potential gaps in financial supervision.
View FFIEC’s cybersecurity resources.