Turn-key Assessment Service for Banking Institutions

What is FFIEC Compliance?

FFIEC compliance is conformance to a set of standards for online banking. This is issued by the Federal Financial Institutions Examination Council (FFIEC). The Council is a formal inter-agency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The Council also makes recommendations to promote uniformity in the supervision of financial institutions.

FFIEC Cybersecurity

This body recommends performing assessments at least once a year to ensure FFIEC cybersecurity regulations and best practices for financial institutions are in place. Conformance CyberSecurity Enterprise Security’s turn-key FFIEC Assessment Service helps banks and examiners that must adhere to FFIEC information security guidelines to determine their inherent risk profile and level of cybersecurity preparedness.

Our cybersecurity and compliance experts partner with you to efficiently conduct the assessment using the FFIEC Toolkit, industry knowledge, and their technical and compliance expertise.

Our FFIEC assessment is designed for banks of all sizes. The service incorporates concepts and principles contained in the IT Examination Handbook, regulatory guidance, applicable laws and regulations, joint statements, and concepts from well-known industry standards, such as the NIST Cybersecurity Framework.

Inherent Risk Profile and Cybersecurity Maturity Assessment

The FFIEC assessment consists of two parts: an inherent risk profile and a cybersecurity maturity assessment.

The inherent risk profile identifies the amount of risk posed to a bank by the types, volume, and complexity of the bank’s technologies and connections, delivery channels, products and services, organizational characteristics, and external threats—notwithstanding the bank’s risk-mitigating controls.

Cybersecurity maturity is evaluated in five domains:

  1. Cyber Risk Management and Oversight
  2. Threat Intelligence and Collaboration
  3. Cybersecurity Controls
  4. External Dependency Management
  5. Cyber Incident Management and Resilience

The OCC implements the assessment as part of the bank examination process over time to benchmark and assess bank cybersecurity efforts. The results may be reviewed to determine whether the bank’s cybersecurity maturity levels align with the bank’s inherent risk profile.

While the use of the assessment is optional for financial institutions, OCC examiners use it to supplement exam work to gain a more complete understanding of an institution’s inherent risk, risk management practices, and controls related to cybersecurity.

FFIEC Assessment Report

Conformance CyberSecurity delivers a comprehensive assessment report detailing your strengths and weaknesses, as well as a remediation roadmap. This document includes an executive summary to help you communicate the assessment results and necessary action to company decision makers.


Get a Handle on Your Cybersecurity Program

Request a Free Consultation Today