Summer Regulatory Summit eBook

Internal Use Only

Pilot Program to Address MSP Risks • Significant contagion and confidence risks exist via bank relationships with managed service providers (MSPs) • MSPs and other vendors should implement same security standards as FIs; state supervision of MSPs is extremely limited • A pilot program has been initiated to address risks presented by Volt Typhoon and other threats to all financial institutions • Six states representing each district have agreed to compile an inventory of all MSPs serving FIs • Pilot states are also working to define regulatory security expectations and develop options to notify banks and identified MSPs • Will include CISA's recommended Volt Typhoon mitigation actions

Internal Use Only

Coming Soon: Nonbank R-SAT, Version 2.0

Nonbank Ransomware Self-Assessment Tool (R-SAT), Version 2.0

Provides management and the board with an overview of institution’s preparedness to address ransomware threats

Designed to be an easy to use, repeatable tool

Version 2.0 is tentatively scheduled for release early Fall 2024