Using the New 'Cybersecurity Profile' Tool - American Bankers Assc.

Financial institutions of all sizes can use a new Cybersecurity Profile tool to help them comply with a variety of regulations and implement the NIST Cybersecurity Framework, says Denyette DePierro of the American Bankers Association.

See Also: Fraud Prevention for Banks: Top 10 Tech Requirements to Evaluate

In a video interview at Information Security Media Group's recent Legal & Compliance Summit in New York, DePierro also discusses:

  • Difficulties in setting risk management priorities, especially at smaller organizations;

  • The implications of the California Consumer Privacy Act and the EU's General Data Protection Act;

  • Moving from a focus on compliance to a risk management approach.

Denyette DePierro is vice president and senior counsel at the Center for Payments & Cybersecurity, American Bankers Association. She focuses on the state, federal and international regulation of technology, cybersecurity, privacy, data security, as well as emerging trends in banking, including fintech, blockchain, internet of things, artificial intelligence and social media. Previously, she was legislative counsel at the Independent Community Bankers of America and the California Independent Bankers.Original

Description: Cyber-Related Sanctions - FFEIC, OFAC, OCC


Subject: Cybersecurity
Date: November 5, 2018

To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, and Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties

Description: Cyber-Related Sanctions


The Federal Financial Institutions Examination Council (FFIEC)1,  on behalf of its members, has issued a statement to alert financial institutions of the recent actions taken by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) under OFAC’s Cyber-Related Sanctions Program and to the potential impact similar sanctions may have on financial institutions’ operations.  

Note for Community Banks

This statement applies to all OCC-supervised institutions.


Consistent with existing guidance, financial institutions should consider the following issues regarding the effect of sanctions on financial institutions’ operations. Continued use of products or services from a sanctioned entity

  • directly or indirectly through a service provider may increase operational risk for a financial institution.

  • may cause the institution to violate OFAC sanctions. These sanctions prohibit U.S. persons—including U.S. financial institutions—from conducting transactions with sanctioned entities.

Affected institutions are encouraged to contact OFAC, their legal counsel, or their security offices for more guidance.

Further Information

Please contact Patrick J. Kelly, Director for Critical Infrastructure Policy, Operational Risk Division, at (202) 649-6550.


Grace E. Dailey
Senior Deputy Comptroller for Bank Supervision Policy and Chief National Bank Examiner

Related Link