
State Regulators Issue a New Nonbank Cybersecurity Exam Tool

Washington, D.C.— State financial regulators released an updated cybersecurity examination tool for nonbank financial company supervision during the ongoing Nationwide Multistate Licensing System (NMLS) Annual Conference.

The tool is designed for state regulator use in examinations, and companies are encouraged to use it to assess their cybersecurity health between examinations.

This tool is the newest component of state regulators’ ongoing cybersecurity risk mitigation efforts. As part of these efforts, CSBS developed a model nonbank data security law, trained hundreds of state examiners in IT and cybersecurity, piloted an initial cybersecurity examination program for nonbank entities and partnered with the U.S. Secret Service to issue a ransomware self-assessment tool.

“Ongoing cyberattacks stress the need for robust cybersecurity defenses to protect consumers and the financial system,” said Conference of State Bank Supervisors President and CEO John W. Ryan. “State regulators are working to better enable nonbank institutions, including fintech and payments companies, money transmitters and mortgage companies, to defend against cyber threats and respond quickly to emerging threats.”

The cybersecurity work program was developed by a group of state bank and nonbank IT examiners to evaluate cyber risk management and identify gaps or weaknesses that require attention. The program is based on the National Institute of Standards and Technology cybersecurity framework, Center for Internet Security (CIS) controls and FFIEC Uniform Rating System for Information Technology standards.

This tool is considered a baseline assessment for less complex and lower risk institutions. An additional tool for more complex institutions is under development for release in Q2 2021.

Media Contact: Catherine Pickels, 202-728-5734, [email protected]