skip to main content

Texas State-Chartered Banks Face Increased Scrutiny On Cybersecurity Practices In 2016 Bank Exams; Here Are Some Suggestions To Help You Prepare

Texas and federal bank examiners intend to focus more closely on banks' cybersecurity practices in 2016. The Texas Department of Banking's September 15, 2015 Industry Notice 2015-8 announced it was "requiring that all banks measure their inherent cyber risks and cybersecurity maturity (preparedness) by December 31, 2015" and "[o]ur examination staff will begin reviewing completed cybersecurity assessments starting January 1, 2016."[1]  The Texas DOB reiterated its cybersecurity concern in the October 2015 Texas Bank Report, identifying cybersecurity as one of the "issue[s] that are keeping the Department on alert."[2]

Federal examiners, as well, intend to focus more closely on banks' cybersecurity practices in 2016. American Banker reports that "[b]ank regulators are planning to make cybersecurity a higher priority during bank exams as early as the second quarter of next year," with the FDIC "planning to rework its community bank program to break cybersecurity out as its own separate issue in examination comments."[3]

In light of bank examiners' increased scrutiny on cybersecurity practices, here are some useful resources for bankers to assess and improve their cybersecurity practices:

      • The Federal Financial Institutions Examination Council ("FFIEC") assessment tool: The FFIEC assessment provides a framework for analyzing a financial institute's cybersecurity practices across multiple "domains," such as "Risk Management and Oversight," "Cybersecuity Controls" and "Incident Management and Resilience." The FFIEC assessment includes specific goals within each domain.  Importantly, the Texas Department of Banking recommends banks use the FFIEC assessment tool because "it is the only methodology specifically designed for the banking industry, particularly community banks."[4] You can access the FFIEC tool at: https://www.ffiec.gov/cyberassessmenttool.htm#tool.
      • The FDIC's cybersecurity educational material and videos: The FDIC provides several useful cybersecurity resources on its website, including videos for bank directors and senior executives summarizing key cybersecurity concepts[5] and a series of "cyber challenges" that pose hypothetical cybersecurity breaches and ask bankers how they would respond.[6]
      • The Conference of State Bank Supervisors' cybersecurity resource guide: The Conference has published a "non-technical, easy-to-read resource guide on cybersecurity" for bank CEOs and senior executives.[7]

All of the above resources, but especially the FFIEC assessment tool, can help your bank prepare for an increased focus on its cybersecurity practices in 2016.

[1] http://www.dob.texas.gov/public/uploads/files/news/Industrynotices/in2015-08.pdf

[2]http://www.dob.texas.gov/public/uploads/files/Applications-Forms-Publications/Publications/Bank-rpt/0615qbr.pdf

[3]http://www.americanbanker.com/news/law-regulation/cybersecurity-to-gain-new-prominence-in-bank-exams-1077811-1.html

[4] http://www.dob.texas.gov/public/uploads/files/news/Industrynotices/in2015-08.pdf

[5] https://www.fdic.gov/regulations/resources/director/technical/cybersecurity.html

[6] https://www.fdic.gov/regulations/resources/director/technical/cyber/cyber.html

[7] https://www.csbs.org/cybersecurity/Pages/default.aspx