Data privacy continues to be a growing concern for banks and credit unions, especially as more customers use their mobile devices to conduct financial transactions. Now is a good time to review your internet security plan to ensure that your bank or credit union website complies with federal regulations.
In this two-part series examining internet security for financial institution websites, we’ll review government standards, rules, and regulations for safeguarding data privacy on your website. This week, we delve into what regulatory bodies say about the topic.
- The Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve
- The National Credit Union Administration (NCUA)
- Final Words
The Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve
Congress created the Federal Deposit Insurance Corporation (FDIC) as an independent agency to regulate banks for the safety of their customers. Part 326 of the FDIC’s Rules and Regulations outlines security program guidelines that banks must follow to protect customer information. Although the FDIC doesn’t address cybersecurity specifically in Part 326, it defines the role of the security officer. It also provides a framework for securing data to maintain compliance under the Bank Secrecy Act (BSA).
With mounting cyber threats, the FDIC is moving toward addressing internet security. This January, the FDIC (along with the Treasury Department’s Office of the Comptroller of the Currency and the Board of Governors of the Federal Reserve System) proposed a rule requiring banks to notify federal regulators of cybersecurity incidents within 36 hours of their occurrence.
As the nation’s central bank, the Federal Reserve System also works closely with the European Central Bank and the UK Prudential Regulation Authority to develop global standards to ensure bank operations remain resilient to cyberattacks.
The National Credit Union Administration (NCUA)
The National Credit Union Administration (NCUA) is the regulatory agency of credit unions. Like the FDIC, the NCUA requires credit unions to have a security program in place and be in compliance with the BSA. This is covered in Part 748 of the NCUA’s Electronic Code of Federal Regulations. Two appendices specifically discuss securing member information and data privacy.
The NCUA tackles cybersecurity issues in its IT Security Compliance Guide, which helps credit unions meet the security requirements of Part 748. The guide is a resource to help credit unions create information security and risk assessment programs. Credit unions can find additional cybersecurity resources on the NCUA website.
Final Words
The FDIC and the NCUA recognize the dangers of exposing customer information and data to cybercriminals. Both agencies have partnered with the Federal Reserve System, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, and State Liaison Committee to form the Federal Financial Institutions Examination Council (FFIEC). You can use the FFIEC’s Cybersecurity Assessment Tool to assess and resolve security risks on your bank or credit union website.
In next week’s blog, we’ll look at federal legislation requirements for internet security. Until then, learn more about the safeguards BankSITE® Services implements to keep our customers’ websites out of reach of cyberthieves.