The Federal Financial Institutions Examination Council (FFIEC) is an interagency body comprising five banking regulators responsible for US federal government examinations of US financial institutions. The FFIEC creates uniform standards and principles and develops standardized reporting systems.
FFIEC applies primarily to federally supervised financial institutions. However, related institutions such as a holding company or a nonfinancial subsidiary must also follow requirements.
The FFIEC IT Handbook Infobase, which covers 11 topics, is designed to help institutions align themselves with the FFIEC guidelines pertaining to their cybersecurity.
Meeting FFIEC compliance requires regular comprehensive assessments to identify potential security weaknesses or threats. The FFIEC’s Cybersecurity Assessment Tool can be used as a framework for internal assessments and gives regulators a view of the organization’s cybersecurity practices. Following an FFIEC audit, appropriate goals and solutions must be put in place.
Failing to comply with FFIEC guidelines can result in financial penalties set by federal agencies, amounting to $2M or even more, if banking regulations have been contravened.
CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the FFIEC requirements. CyGov has mapped FFIEC back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the CyGov platform organizations can gain full visibility to their cyber risk levels and compliance.