FFIEC Encourages Standardized Approach to Assessing Cybersecurity Preparedness

A standardized approach improves progress tracking and information sharing.

9/10/2019 

Picture of padlock with cybersecurity text

The Federal Financial Institutions Examination Council (FFIEC) emphasized the benefits of using a standardized approach to assessing cybersecurity preparedness. 

The FFIEC notes that firms adopting a standardized approach are better able to track their progress over time, share information, and best practices with other financial institutions and regulators. 

Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls. 

References 

Question of the Week 

Q. May the credit union accept letters testamentary from an out-of-state personal representative?

A. In Washington State, RCW 30A.22.200 allows for payments to foreign personal representatives and release of financial institutions relying on the documents provided. 

The requirements are: 

  1. At least sixty days have elapsed since the date of the deceased depositor’s death; and
  2. Upon receipt of the following:
    1. Proof of death of the deceased depositor or beneficiary;
    2. Proof of the appointment and continuing authority of the personal representative requesting payment; 
    3. The personal representative’s, or its agent’s, affidavit to the effect that to the best of his or her knowledge no personal representative has been or will be appointed under the laws of this state; and
    4. Receipt of either an estate tax release from the Department of Revenue or the personal representative’s, or its agent’s, affidavit that the estate is not subject to Washington estate tax. However, if a personal representative of the deceased depositor’s or beneficiary’s estate is appointed and qualified as such under the laws of this state, and delivers proof of the appointment and qualification to the office or branch of the financial institution in which the deposit is maintained prior to the transmissions of the sums on deposit to the foreign personal representative, then the funds shall be paid to the personal representative of the deceased depositor’s or beneficiary’s estate who has been appointed and qualified in this state. 

In Oregon, ORS 116.263 allows for payment to foreign personal representatives after three months for nonresident decedent. The personal representative will need to provide an affidavit stating: 

  1. The date of the death of the nonresident decedent;
  2. That no local administration or application therefor is pending in this state; and
  3. That the foreign personal representative is entitled to payment or delivery. 

In Idaho, IDS 15-4-201 provides for payment to a foreign personal representative after 60 days for a nonresident decedent. The personal representative will need to have proof of appointment and an affidavit stating:

  1. The date of the death of the nonresident decedent;
  2. That no local administration, or application or petition therefor, is pending in Idaho; and
  3. That the domiciliary foreign personal representative is entitled to payment or delivery. 

Also, personal representatives appointed in another state must follow the procedures outlined in IDS 15-4-204. Basically, the foreign domiciled PR must file with the state in the local county where the property is located. 

Related Links 

RCW 30A.22.200 
ORS 116.263 
IDS 15-4-204 

Legal Briefs 

National Credit Union Administration (NCUA) 

NCUA stated that it will take a phased approach to implement the FOM rule in light of the D.C. Circuit Court of Appeals decision. 

NCUA released Q2 2019 Credit Union System Performance Data. 

Consumer Financial Protection Bureau (CFPB) 

CFPB updated its HMDA webinars. 

CFPB announced hosting Behavioral Economics and Consumer Financial Service Policy symposium on Sept. 19. The event will be webcast on the Bureau’s website. 

Social Security Administration (SSA) 

SSA announced the first potential group of participants for the new electronic SSN verification service, which will begin in 2020. 

Office of Foreign Assets Control (OFAC) 

OFAC has updated the SDN list as of Sept. 4, 2019. The last update prior to this was Aug. 30, 2019. 

Questions? Contact the Compliance Hotline: 1.800.546.4465; [email protected].