Newsroom

NAFCU Regulatory Compliance Counsel Stephanie Lyon highlights recent changes to the Federal Financial Institutions Examination Council's Information Technology Examination Handbook in a Compliance Blog post today.

Lyon also offers an overview of terms that have been eliminated from, and added to, the handbook's glossary. The FFIEC updated the handbook in September, revising the Information Security booklet for the first time since 2006.

"Examiners are expected to use this revised handbook to assess the level of security risks to a credit union's information systems and the performance of third-party service providers," Lyon wrote. "The revisions implemented in this handbook are already incorporated into the FFIEC'S Cybersecurity Assessment tool. If you haven't already, make sure to read the revised and semi-condensed Information Security booklet and prepare yourself to talk the same language as your examiner during your next examination."

The FFIEC last updated the handbook in May, when it added new guidance on mobile financial services. A NAFCU webcast in February detailed earlier changes to the handbook, with a focus on the cybersecurity guidance.

In related news, NAFCU's user-friendly, interactive workbook for credit unions using the FFIEC's Cybersecurity Assessment Tool continues to be one of the most popular downloads on the association's website.

NAFCU continues to urge credit unions to check out the workbook, which is a member-only resource.