FFIEC, GLBA Safeguards, FS-ISAC, regulatory scrutiny.
Banking & Financial Services · Universal Overlay
You operate a cybersecurity program per FFIEC guidance: security operations center (SOC) monitoring, vulnerability management, penetration testing, incident response planning, threat intelligence, endpoint detection and response (EDR), and identity and access management (IAM). You manage GLBA Safeguards Rule compliance, participate in FS-ISAC (Financial Services Information Sharing and Analysis Center) threat intelligence sharing, and prepare for IT-focused regulatory examinations. For larger institutions, you comply with NYDFS cybersecurity regulation (23 NYCRR 500) and potentially DORA (for EU operations). Cyber insurance is a cost center you manage against your risk profile.
You manage third-party risk per OCC 2023-17 (and the interagency guidance it adopts): performing risk assessments on vendors, conducting due diligence (financial viability, cybersecurity posture, business continuity, compliance), negotiating contracts with required regulatory provisions, monitoring ongoing performance, and managing concentration risk. For critical activities and significant bank functions, supervisory expectations are heightened. Fourth-party (subcontractor) risk is an emerging focus area.