2. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
2
JOIN. ENGAGE. LEAD.
CYBER SECURITY RISK
• Both preparing for and responding to cyber attacks increase the cost of doing business.
• Attacks are increasingly more sophisticated.
CYBER SECURITY RISK (CONT.)
• Risks come directly through banking operations and through third-party providers.
• Impacts individual bank and entire payments system.
• Attacks come from criminals, politically hostile sources, and insiders.
• Data risks are difficult to control (legacy systems and manual points in any process compound the difficulty of threats).
Cyber Threats
Smaller institutions at most risk.
COMPLIANCE RESPONSIBILITY
Even if your vendor is responsible for day-to-day management of certain products or services, the responsibility for all compliance requirements resides with your institution.
MONITOR YOUR VENDORS
Monitor your vendors' performance to help ensure that your company meets its long-term strategic goals.
MULTIPLE FACETS
Be aware that vendor risk management is part of many operational risk activities, including:
• Scenario analysis.
• Risk control self-assessments (RCSAs).
• Key risk indicators (KRIs).
• Information security.
• Business continuity planning.
ACCOUNTABILITY
Regulators have consistently advised banks to oversee vendors just as they would any division of the bank and will hold the bank accountable for any vendor-related risk management lapses.
IT RESOURCES
• FFIEC IT Examination Handbook InfoBase
• Introduction to the FFIEC’s Cybersecurity Assessment
• Framework for Improving Critical Infrastructure
LEARN MORE
Learn more about cyber security through RMA’s premier publication, The RMA Journal:
http://ebiz.rmahq.org/eBusPPRO/CustomerProfile/RMAJournalArticleSearch/tabid/393/Default.aspx
Subscribe to The RMA Journal today!
SHARE THIS PRESENTATION
Visit http://www.rmahq.org for information on risk management.
Visit our blog at http://rmablog.rmahq.org/
RMA is a member-driven professional association whose sole purpose is to advance sound risk principles in the financial services industry.
RMA helps its members use sound risk principles to improve institutional performance and financial stability, and enhance the risk competency of individuals through information, education, peer sharing, and networking.
Become a member today.