CSBS Releases Nonbank Cybersecurity Exam Procedures

The Conference of State Bank Supervisors on Tuesday released two new tools for nonbank financial services companies to improve their cybersecurity posture.

The Baseline Nonbank Cybersecurity Exam Program and the Enhanced Nonbank Cybersecurity Exam Program are tools used by state examiners nationwide to assess the cyber preparedness of nonbank entities. Release of these tools provides these institutions the ability to improve their cybersecurity posture and better prepare for cybersecurity exams conducted by state examiners.

A multi-state team of cybersecurity examination experts developed these exam procedures and tools.

“Supervisory clarity is essential to increasing industry awareness and making our financial system more resilient to cyber-attacks,” said CSBS Senior Vice President of Nonbank Supervision Chuck Cross. “The Nonbank Cybersecurity Exam Procedures released today provide nonbank institutions additional optional tools to guard against cyber-attacks, data breaches or lapses in management oversight in this crucial area.”

Rick Hill, MBA Vice President of Industry Technology, said MBA appreciates development of cybersecurity programs used by state mortgage regulators.

“These programs create a set of common expectations across all states, which facilitates cybersecurity preparation as well as compliance with examiner expectations,” Hill said. “Adoption of the examination programs by all state regulators is important, as many mortgage lenders operate in multiple states. We look forward to working with CSBS and the state regulators as they implement these new examination programs.”

William Kooper, MBA Vice President of State Government Affairs and Industry Relations, said MBA will invite CSBS to discuss these tools at future MBA committee meetings so that our members have an opportunity to ask questions and learn more.

CSBS said in coming months, it intends to provide additional tools tailored to needs of smaller nonbank financial institutions.

This release is part of a larger initiative by CSBS and state regulators to equip the industry with the necessary tools to protect the nation’s critical financial infrastructure. CSBS also provides nonbanks with a Ransomware Self-Assessment Tool and a Cybersecurity 101 Guide for executives.