The FDIC could improve the effectiveness of its processes to ensure that financial institutions receive actionable and relevant information about threats and vulnerabilities resulting from cyberattacks, financial crimes and natural disasters, the agency’s Office of Inspector General said in a new report released today.
The report is a follow-up to a 2022 review that concluded the FDIC had not established effective processes to analyze and disseminate actionable threat information to the financial institutions it supervises. Also, the American Bankers Association last year worked with the FDIC OIG to conduct a survey of interested ABA members on the value and effectiveness of the agency’s program for sharing threat information.
In the new report, which is partially redacted, the OIG still found the agency lacking in its capacity to share information about threats, both cyber and non-cyber related. The office made 10 recommendations to improve the FDIC’s processes, and the agency pledged to complete all corrective actions by March 31, 2024. They include improving controls over the recording of computer security incidents reported by banks and service providers, establishing procedures for sharing non-cyber-related threat information, and developing performance measures for the agency’s external threat sharing activities.