OIG: The Board Can Enhance Its Approach to the Cybersecurity Supervision of Community Banking Organizations

If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

Skip to Navigation

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2025-SR-B-008 May 28, 2025

Effective IT risk management is critical to the safety and soundness of financial institutions, including more than 600 community banking organizations supervised by the Board and Reserve Banks.

However, procedures for IT examinations of CBOs are not up to date and do not reflect the evolving IT and cybersecurity risk environment. In addition, Reserve Banks have varying approaches to training examiners who conduct CBO IT examinations and completing and retaining documents used to scope such examinations.

We are making five recommendations to ensure that the approach to IT and cybersecurity supervision addresses evolving risks, that training for examiners is more structured, and that the documentation of examination scopes is more consistent.

HOTLINE

IN THIS SECTION

The Board Can Enhance Its Approach to the Cybersecurity Supervision of Community Banking Organizations

available formats

Summary:

Full Report:

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

The Board Can Enhance Its Approach to the Cybersecurity Supervision of Community Banking Organizations

available formats

Summary:

Full Report:

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES