FIN-2016-A005 Cyber-Events and Cyber-Related Crime Reporting

On October 25, 2016, FinCEN released FIN-2016-A005, Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime. It serves as a refresher of the credit union’s SAR filing obligations when encountering cyber-events. A financial institution is required to report a suspicious transaction conducted or attempted by, at, or through the institution that involves or aggregates to $5,000 or more in funds … Read More

FFIEC Cybersecurity Assessment Tool FAQs

The FFIEC released a Frequently Asked Questions Guide related to the Cybersecurity Assessment Tool (CAT). The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions’ management identify risk and determine their cybersecurity preparedness. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness … Read More

DCU Bulletin B-16-14 Electronic Payment Systems Exams

The Division of Credit Union (Division) announced that it is enhancing its safety and soundness examinations to include Electronic Payment System (EPS) reviews. EPS exams will be performed by Division examiners beginning in 2017. The Division will perform one or two pilot test payment system exams at credit unions in the fourth quarter of 2016 before implementing its new EPS … Read More

FFIEC Revised Information Security Booklet

The Federal Financial Institutions Examination Council (FFIEC) has revised the “Information Security” booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). The “Information Security” booklet is one of 11 that make up the IT Handbook. The revised “Information Security” booklet provides guidance to examiners and addresses factors necessary to assess the level of security risks to a financial institution’s information systems. … Read More

Going Digital: Strategies for Providing Digital Services

NCUA’s Office of Small Credit Union Initiatives issued “Going Digital: Strategies for Providing Digital Services,” which provides step-by-step instructions on creating a strategic plan for analyzing members’ needs and tailoring digital products to meet those needs. The guidebook also details potential advantages and disadvantages to members and credit unions. While most of our credit unions provide a wide array of … Read More

The FDIC’s Story on Data Breach Response

The FDIC has been plagued with a number of data breaches recently, and a congressional report details the story and facts, along with the FDIC’s cooperation (or lack thereof), relating to two breaches caused by separating employees removing confidential information. The report is an interesting read and provides a lot of examples of how not to report and respond. The report details one story and … Read More

FFIEC Issues Statement on Safeguarding the Cybersecurity of Interbank Messaging and Payment Networks

The Federal Financial Institutions Examination Council (FFIEC) members today advised financial institutions, consistent with existing regulatory expectations, to actively manage the risks associated with interbank messaging and wholesale payment networks. In a statement, the FFIEC also stressed that financial institutions should review risk-management practices and controls related to information technology systems and wholesale payment networks, including risk assessment; authentication, authorization … Read More

PCI Data Security Standard Ver. 3.2 Released

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and … Read More

Website Accessibility & ADA

The Department of Justice released a Supplemental Advance Notice of Proposed Rulemaking relating to website accessibility for state and local government entities – public entities. The proposal does not affect credit unions, but may be a harbinger of things to come. The DOJ previously announced that it is reviewing requirements for websites and plans on staggering proposed requirements. The first … Read More

Cybersecurity Information Sharing Act of 2015

On December 18, 2015, Congress passed and President Obama signed into law the Cybersecurity Information Sharing Act of 2015, which is designed to increase cybersecurity information sharing between the private sector and the Federal Government. The Act provides various protections to non-federal entities that share cyber threat indicators or defensive measures with the Federal Government. DHS’s Automated Indicator Sharing (AIS) … Read More