"The New FFIEC Cybersecurity Assessment Tool for Financial Institutions: Understanding its Use and Legal Implications"
Below is an excerpt:
The Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool for banks and financial institutions to evaluate their cybersecurity risk profile and preparedness, released in June 2015, is more than just another handy IT tool. It has far-reaching legal implications for financial institutions in three broad areas: examinations, board and senior management governance, and third-party vendor relationships. This article explores the tool’s legal and regulatory basis, its components, and its various legal implications.