Gaps found in FDIC regulation of banks’ cyber risk

Significant gaps have been discovered in the Federal Deposit Insurance Corporation's IT and cyber risk assessment program InTREx by the agency's Office of the Inspector General, CyberScoop reports. While the FDIC has been tasked to monitor U.S. banks, the agency has been using outdated information from its InTREx, while some tests are not being completed by some of its examiners, according to a report from the FDIC's OIG. Aside from FDIC staffers lacking awareness of the latest cybersecurity updates, its examiners were also not given any training on InTREX procedures and processes, resulting in the elevated prevalence of failed exam work paper filings. Nineteen recommendations have been given by the FDIC OIG in its report, with the agency stating that it will be completing 14 of the recommendations by year-end. However, the FDIC has been noted by its watchdog to be not doing enough in addressing the five other concerns named in its report.