OIG says FDIC’s cyber risk examinations need work

WASHINGTON — On Wednesday, the Office of Inspector General for the Federal Deposit Insurance Corporation issued a report detailing shortcomings in the FDIC’s cybersecurity risk mitigation program.

The Inspector General identified a number of issues with FDIC’s program for Internet Technology risk examination at member banks — also known as InTREx — urging the agency “to take actions to ensure that its examiners effectively assess and address IT and cyber risks during IT examinations.”

Wednesday’s report identified weaknesses both in how the agency prepares its examination staff and in the agency’s risk examination procedure itself. The OIG found FDIC’s InTREx program to be outdated, saying it fell short of current Federal guidance in three of its four IT examination modules. The report criticized the regulatory agency for not communicating with OIG when updates were made to its examination program, something required by the agency’s watchdog.

The Federal Deposit Insurance Corp.’s Office of the Inspector General found that the agency had some shortcomings in its implementation of a cybersecurity risk examination program it had developed for banks under its jurisdiction.

Bloomberg News

In addition to updating its program, OIG criticized FDIC for failing to ensure its employees follow written procedures. The OIG report said the banking regulator did not closely review IT workpapers to ensure precise results, and that it needs to better train its employees on adherence to IT risk examination procedures. 

“FDIC examiners did not complete InTREx examination procedures and decision factors required to support examination findings and URSIT ratings” the OIG wrote.

The office of the Inspector General also criticized the agency’s examination procedures themselves, saying they lacked clarity, and led examiners to submit “inconsistent and untimely” IT examinations. 

The report said that FDIC needs to provide more guidance to examination staff around reviewing threat information so they are up-to-date on relevant emerging cyber threats. The report also noted that the regulator is not utilizing all available tools to improve their InTREx program, and fails to construct adequate performance metrics to measure its progress in examining banks’ IT risks.

The OIG’s office provided 19 recommendations to the FDIC, including that they generally update their IT examination program, inform examiners of the need to adhere to written procedures and deadlines, and ensure that examiners stay up to date on emerging cyber threats. They also recommended that the agency review and correct those IT examinations identified as deficient, and use them as a teaching tool to ensure examiners are adhering to written rules.

The report also recommends that the FDIC review problem IT examinations and take corrective actions as necessary, and provide employees with new InTREx training to promote consistent and compliant risk assessments. OIG suggested FDIC look into using a tool to conduct analysis of unstructured data from examinations, AlphaRex — which FDIC developed in 2017 — to improve examination quality. Finally, the report recommended the FDIC create a self-evaluating rubric for measuring the effectiveness of its InTREx assessments.

After concurring with 16 of the OIG’s 19 recommendations and partially concurring with 3, the FDIC proposed taking corrective actions by December 31, 2023 — actions that the OIG said satisfied 14 infractions. However, OIG says the FDIC’s proposed corrective actions for the remaining 5 issues were unsatisfactory, meaning the two agencies must continue working at resolving these 5 deficiencies in the future. 

Those unresolved issues include the OIG’s request that FDIC establish set examination goals, and a rubric to measure InTREx’s effectiveness towards them, enhanced data collection, corrective actions to fix past inadequacies, and internal control measures to compel examiners’ adherence to stated InTREx policy.

For more updates check below links and stay updated with News AKMI.
Life and Style || Lifetime Fitness || Automotive News || Tech News || Giant Bikes || Cool Cars || Food and Drinks


Show More

Related Articles

Back to top button

usa news wall today prime news newso time news post wall