FFIEC Assessment Services

Compliance and risk management solutions customized for financial services institutions

Banks and credit unions face disruption by innovation and new technologies, customer and member loyalty challenges, and a constantly changing regulatory landscape. With a growing number of technologies used to support customers and employees, including core business systems, ATMs, mobile applications, and cloud computing, there is a dramatic increase in cybersecurity risk and a need for proactive cybersecurity assessments and risk mitigation strategies.

While the cost of regulatory compliance with the Federal Financial Institutions Examination Council (FFIEC), the Gramm-Leach-Bliley Act (GLBA) and other requirements is rising, the cost of non-compliance could be the loss of an enterprise. Financial services institutions are a significant target.

How Coalfire Can Help

Having served hundreds of banks and credit unions, our financial industry experts help you develop, implement and maintain effective regulatory compliance programs that maximize the benefits of the investment and protect reputations.

A risk assessment is the first step to identifying and implementing safeguards necessary to meet compliance. We help you find gaps that may exist between your current security posture and regulatory requirements. Our customized assessments, scaled for your organization, include identification of key assets and IT systems, assessment of controls and frameworks, and a review of third-party providers and incident response programs.

Banks – Manage Risk and GLBA Compliance

Coalfire offers a suite of security services designed to meet the federal, state and local regulatory needs of the banking industry. We provide guidance for a balanced, justified information security program that keeps executive management up to date with risk and threat landscapes essential to maintaining compliance with GLBA.

Through its Information Security Examination Handbook, the FFIEC, in conjunction with its member agencies, has defined a process-based approach for complying with GLBA. Coalfire adheres to this guidance in the following ways:

  • Testing your network for vulnerabilities.
  • Monitoring networks for anomalies.
  • Implementing an incident response program.
  • Training staff on security awareness.
  • Ensuring that third parties have adequate security controls in place.

Credit Unions – NCUA-Accepted Risk Management

Coalfire’s IT risk management program provides services tailored to the unique needs of credit unions. Our methodology incorporates the NCUA’s AIRES examination framework to help credit unions manage risk, prepare for audits and meet compliance requirements cost-effectively. Our services have been reviewed and accepted by the NCUA and state-level examiners nationwide.

We can also help credit unions conduct a periodic risk assessment in accordance with the requirements of the Federal Trade Commission’s (FTC) Red Flags Rule. The program can help detect the “red flags” of identity theft in your day-to-day operations, spot suspicious patterns, take steps to prevent the crime, and mitigate damage, avoiding the costly consequences of identity theft.

Why Choose Coalfire as Your Partner

Since our founding in 2001, Coalfire has established itself as a pure-play, vendor-neutral cybersecurity advisory firm with thousands of assessments for financial services institutions.

Our experience in training NCUA, FDIC and OCC/OTS regulators allows us to provide thorough, cost-effective solutions to complex information security risk management requirements.

Each Coalfire project is led by a credentialed, industry-savvy senior director and supported by consultants armed with the methodologies, insights and know-how accumulated through service to over 1,400 clients annually.
