Compliance Blog

Written by Shari R. Pogach, Regulatory Paralegal

The Federal Financial Institutions Examination Council (FFIEC) announced its cybersecurity priorities for 2015.  Work is under way in the development of seven areas resulting from the FFIEC’s pilot assessment in 2014 of cybersecurity readiness at more than 500 financial institutions. 

Work is underway on the following:

• Cybersecurity Self-Assessment Tool – a self-assessment tool planned for 2015 to assist institutions in evaluating inherent cybersecurity risk and risk management capabilities.
• Incident Analysis – enhanced processes for gathering, analyzing and sharing information with FFIEC members during cyber incidents.
• Crisis Management – aligned, updated and tested emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships.
• Training - training programs on evolving cyber threats and vulnerabilities.
• Policy Development – an updated/supplemented FFIEC Information Technology Examination Handbook to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.
• Technology Service Provider Strategy – expanded focus on technology service providers’ ability to respond to growing cyber threats and vulnerabilities.
• Collaboration with Law Enforcement and Intelligence Agencies – building on existing relationships with law enforcement and intelligence agencies to share information on the growing cybersecurity threats and response techniques. 

The FFIEC will also continue to communicate the importance of cybersecurity awareness and best practices among financial industry participants and regulators. In addition the FFIEC has a number of resources to help financial institutions improve their cybersecurity, which are available here.

*** 

“National Credit Union” Phishing Scam. The National Credit Union Administration (NCUA) has issued a warning to consumers with a statement that it has received reports of an online phishing scam using a website with a logo and a design similar to the agency’s own trying to convince unwary customers to provide information or send money. 

Apparently originating in Australia, consumers have received emails from the National Credit Union website attempting to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. The site claims to offer services in the U.S., Europe and the commonwealth of Independent States.  

Neither this website nor the emails sent from it are in any way related to NCUA, as the agency would not request personal or financial information in this manner. Consumers receiving such emails are advised to call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, DC, area. Consumers should also contact the Internet Crime Complaint Center.   NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.  

***

NAFCU Webcast.  5 Things Your Credit Union Must Know About Wire Fraud  on Wednesday, April 8, 2:00-3:30 pm ET.  Credit unions are losing hundreds of thousands of dollars due to fraudulent wire activity—but the risk can be minimized. Learn how to implement best practices while balancing the risks against quality member service. Webcast takeaways include how to ensure the credit union’s fidelity bond covers any wire fraud loss, an understanding of the difference between single- and multi-factor authentication and more. Register by April 1 to save $100!