Extraordinary Leadership for North Dakota Banks
menu
menu
Advocacy
Strategic Partners
Education
NDBanks Benefit Trust
Communications
About
Events
Career Network
Sign In
Extraordinary Leadership for North Dakota Banks
About
Events
Career Network
Sign In
Advocacy
Ask Kennedy
Bank Exam Prep Center
Legislative Updates
Legal Publications
Legal Counsel
Legislative Committee
NDBankPAC
Advocacy Resources
Strategic Partners
Endorsed Vendors
Partner Resources
Business Partner Directory
Associate Member Listing
Associate Member Guide
Associate Member Benefits
Associate Member Application
Sponsorship Opportunities
Advertising Opportunities
Education
2023 Tri-State Trust Conference
Conferences
Schools
Peer Groups
Event Registration
IT Certification Programs
Online Training
Web Seminars
Financial Literacy
NDBanks Benefit Trust
NDBBT Board of Directors
Communications
News
COVID-19
NDBA Bulletin
Service Award Application
Advertising Opportunities
Bank Holiday Signs
Advocacy
Strategic Partners
Education
NDBanks Benefit Trust
Communications
Home
»
Communications
»
News
»
Watchdog Report: FDIC Cyber Risk Examination Program Riddled with Flaws
Watchdog Report: FDIC Cyber Risk Examination Program Riddled with Flaws
Posted:
Feb 08 2023
A federal program to assess IT and cyber risks at financial institutions has several significant flaws that could prevent it from working as intended, and as a result, may affect the insurance premiums paid by those institutions, the FDIC Office of Inspector General concluded in a report.
The FDIC’s IT Risk Examination program, or InTREx, was implemented in 2016 to ensure that financial institutions were properly addressing their IT and cyber vulnerabilities. However, an OIG audit of the program found multiple shortcomings. The InTREx program is outdated and does not reflect current federal guidance, the OIG said. The FDIC did not communicate with examiners after updates were made to the program, nor has it employed a supervisory process to review IT workpapers before the completion of an examination to ensure that findings are sufficiently supported. FDIC also does not offer training to reinforce InTREx program procedures, and examination policy and procedures were unclear, leading to examiners filing work papers in an inconsistent and untimely manner.
The ratings InTREx examiners assign ultimately factor into a financial institution’s CAMELS rating, the report said. “Such inaccuracies, in turn, could affect the CAMELS ‘management’ component rating and the overall composite rating assigned to financial institutions. These ratings are used to determine the insurance premiums paid by the financial institutions.”
The OIG issued 19 recommendations for improving InTREx. The FDIC proposed corrective actions for 14 of the recommendations that the OIG found sufficient to address the problems raised; the other five proposed corrective actions were judged insufficient.
To read more, visit:
https://www.fdicoig.gov/sites/default/files/reports/2023-02/AUD-23-001.pdf
