Cyber Security for the Bank Director: What You Need to Know

Information security is a familiar topic to the board of directors of every banking institution. Years ago, the Federal Financial Institutions Examinations Counsel (FFIEC) published guidance concerning securing banks against losses from cyber intrusions. The guidance is very explicit. The board is responsible for overseeing the development, implementation and maintenance of the institution’s information security program. The board should provide guidance and review management’s actions, as well as approve written information security policies and programs at least annually. The board also should review management’s annual report on its compliance with the privacy provisions of the Gramm-Leach-Bliley Act. Other rules apply as well and if your bank is a public company, the Securities and Exchange Commission clarified that information security is a risk type that must be considered when public companies disclose risks to investors.

With all of the press about cyber attacks, as an outside director, it’s hard not to feel overwhelmed and a little powerless in the face of technology and regulations. However, as a director, you have obligations to oversee regulatory compliance, to help manage risk and liability, and you are duty bound to educate yourself in this area. The goal of this article is to provide information that will help you to fulfill your obligations.

To keep reading, download the white paper.