FFIEC audit and assessment services

Banks and credit unions face disruption by innovation and new technologies, customer and member loyalty challenges, and a constantly changing regulatory landscape. With a growing number of technologies used to support customers and employees – including core business systems, ATMs, mobile applications, and cloud computing – cybersecurity risk has increased dramatically, requiring proactive cybersecurity assessments and risk mitigation strategies.

While the cost of regulatory compliance with the Federal Financial Institutions Examination Council (FFIEC), the Gramm-Leach-Bliley Act (GLBA), and other requirements is rising, the cost of non-compliance could be the loss of an enterprise. Financial services institutions are a significant target.


Compliance and risk management solutions customized for financial services institutions

Having served hundreds of banks and credit unions, our financial industry experts help you develop, implement, and maintain effective regulatory compliance programs that maximize the benefits of the investment and protect your reputation.

A risk assessment is the first step in identifying and implementing the safeguards necessary to meet compliance. Through these customized assessments, we identify key assets and IT systems, assess controls and frameworks, review third-party providers and incident response programs, and help you find gaps that may exist between your current security posture and regulatory requirements.

Banks: manage risk and GLBA compliance

We offer a suite of security services designed to meet the federal, state, and local regulatory needs of the banking industry. We provide guidance for creating a balanced, justified information security program that keeps executive management up-to-date on risk and threat landscapes and maintains compliance with GLBA.

Through its Information Security Examination Handbook, the FFIEC, in conjunction with its member agencies, has defined a process-based approach for complying with GLBA. We adhere to this guidance by:

  • Testing your network for vulnerabilities
  • Monitoring networks for anomalies
  • Implementing an incident response program
  • Training staff on security awareness
  • Ensuring that third parties have adequate security controls in place

Credit unions: NCUA-accepted risk management

Our IT risk management program provides services tailored to the unique needs of credit unions. Our methodology incorporates the National Credit Union Administration (NCUA) AIRES examination framework to help you manage risk, prepare for audits, and meet compliance requirements cost-effectively. Our services have been reviewed and accepted by the NCUA and state-level examiners nationwide.

We can also help conduct a periodic risk assessment in accordance with the Federal Trade Commission’s (FTC) Red Flags Rule. The program can help you detect the “red flags” of identity theft in your day-to-day operations, take steps to prevent the crime, and mitigate damage.

Why choose Coalfire as your partner?

  • Since our founding in 2001, we have been a pure-play, vendor-neutral cybersecurity advisory firm, conducting thousands of assessments for financial services institutions.
  • Our experience training NCUA, FDIC, and OCC/OTS regulators allows us to provide thorough, cost-effective solutions for complex information security risk management requirements.
  • Our projects are led by a credentialed, industry-savvy senior director and supported by consultants armed with methodologies, insights, and know-how accumulated through service to more than 1,800 clients annually.
