Guidance provided on ‘cyber insurance,’ but exam council calls ‘effective controls’ still the best defense

April 10, 2018 CFPB, FDIC, Federal financial regulation, NCUA, OCC, Other, The Fed 0

Guidance for financial institutions considering special insurance to offset financial losses from data breaches and other cyber incidents is offered in a joint statement released Tuesday by federal financial institution regulators.

However, the regulators noted that they do not now require financial institutions to maintain cyber insurance. “This statement does not contain any new regulatory expectations,” according to the statement.

In the statement issued by the Federal Financial Institutions Examination Council (FFIEC, which includes all five federal financial institutions regulators and representatives of state financial regulators), the council conceded that cyber insurance could offset financial losses from data breaches resulting in loss of confidential information (among other things) that is not covered by more traditional protection, and may be considered in financial institutions’ overall risk management.

“The evolving cyber insurance market and the shifting cyber threat landscape may, however, prompt financial institutions to consider whether cyber insurance would be an effective part of their overall risk management programs,” the exam council said in a release.

“Financial institution management should assess the scope of coverage of current insurance and consider how cyber insurance may fit into the institution’s overall risk management framework,” the release states.

The FFIEC is an umbrella group made up of the five federal financial institution regulators (the Federal Reserve, Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corp. (FDIC), National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency [OCC]) and the council’s State Liaison Committee (SLC, made up of representatives of state financial regulators).

In their joint statement, the regulators made clear that insurance is only one component of a risk management strategy. “An effective system of controls remains the primary defense against cyber threats,” according to the statement.

The exam council lists a number of considerations and actions to take for financial institutions weighing the insurance coverage, including:

Involving multiple stakeholders in the cyber insurance decision;
Performing proper due diligence to understand available cyber insurance coverage;
Evaluating cyber insurance in the annual insurance review and budgeting process.

“Financial institutions ultimately remain responsible for maintaining a control environment consistent with the guidance outlined in the FFIEC IT Examination Handbook,” the statement concludes.

Joint Statement on Cyber Insurance and Its Potential Role in Risk Management Programs (PDF)

Still another assessed fine, prohibited, after involvement in troubled loan program at Michigan bank

April 18, 2024 0

Another individual associated with a troubled lending program at a Southfield, Mich., bank has been ordered to pay a $400,000 civil money penalty (CMP), the national bank regulator said Thursday. The Office of the Comptroller of the Currency (OCC) said [...]
Credit union regulator seeks comments on how to improve, update records retention rules

April 18, 2024 0

Finding methods for improving and updating the records preservation program regulations and accompanying guidelines of the federal credit union regulator is the goal of an advance notice of proposed rulemaking (ANPR) issued Thursday by the agency’s board. The National Credit [...]
Ombudsman’s report notes banker frustration over lack of communication with FDIC

April 18, 2024 0

Challenges faced by the federal bank deposit insurance agency in its supervisory processes and the feedback received from regional ombudsmen and bankers are outlined in the agency ombudsman’s annual report, issued Thursday. The 2023 report from the Federal Deposit Insurance [...]
OCC publishes semiannual interest rate risk report for midsize, community banks

April 18, 2024 0

Interest rate risk (IRR) data gathered during examinations of midsize and community banks and federal savings associations (FSA) by the national bank regulator was published Thursday by the agency. The report, the Office of the Comptroller of the Currency’s (OCC) [...]
False claims about student loan costs, graduate hiring rates lead to action against for-profit school, CEO

April 17, 2024 0

Deceiving students about the cost of loans and making false claims about graduates’ hiring rates have led to a consent order and a civil money penalty (CMP) against a San Francisco-based, for-profit vocational school and its CEO, the federal consumer [...]
‘Cautiously optimistic’ economic outlook noted in latest Beige report

April 17, 2024 0

Mixed results on consumer spending, “roughly flat” bank lending and some increases in residential construction and tourism were noted by the Federal Reserve in its April Beige Book report on economic conditions. The report is based on information collected on [...]

Related