Newsroom

June 28, 2016

Fed's Tarullo notes benefits of consistent cyber-exam approaches

Federal Reserve Gov. Daniel Tarullo discussed the benefits of consistent cybersecurity examination approaches by regulators and touted the collaborative efforts in developing the Federal Financial Institutions Examination Council's assessment tool in a response letter to Sen. Dean Heller, R-Nev.

"It is clear that the interests of the financial services sector are best served by appropriate regulatory and supervisory coordination," Tarullo wrote last week, responding to a March letter from Heller, a member of the Senate Banking Committee, asking for better coordination regarding regulators' cybersecurity exams at financial institutions.

In addition to the FFIEC cyber assessment tool, Tarullo, chairman of the FFIEC, said the Fed endeavors to "align regulatory risk-based approaches to assess cybersecurity and resilience in regulated firms."

"Informed by their regulatory and supervisory process," he wrote, "individual regulators could leverage the risk-based approach to address any unique statutory and regulatory requirements as well as any distinct cybersecurity risks presented by the specific segments of the financial sector they oversee."

Heller's initial letter was also sent to Treasury Secretary Jack Lew regarding the cyber-exam coordination efforts of the Financial Stability Oversight Council.

In January, NAFCU wrote a letter to FFIEC urging the regulators to keep the cybersecurity assessment tool voluntary for credit unions of all asset sizes, allowing them to individually measure and assess their cybersecurity maturity. NCUA is a member of both the FFIEC and FSOC.