The New FFIEC Cybersecurity Assessment Tool for Financial Institutions: Understanding its Use and Legal Implications  


Authors: Stanley F. Orszula; Rachel H. Bryers


Source: Journal of Taxation and Regulation of Financial Institutions, Volume 29, Number 01, September/October 2015, pp. 13-22(10)


Abstract: 

The Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool for banks and financial institutions to evaluate their cybersecurity risk profile and preparedness, released in June 2015, is more than just another handy IT tool. It has far-reaching legal implications for financial institutions in three broad areas: examinations, board and senior management governance, and third-party vendor relationships. This article explores the tool’s legal and regulatory basis, its components, and its various legal implications.

Keywords: Cybersecurity Assessment Tool, inherent risk profile, cybersecurity maturity, third-party vendor relationships, NIST Cybersecurity Framework, board oversight

Affiliations:  1: Quarles & Brady LLP; 2: Quarles & Brady LLP.
