with a better browsing experience; allow us to assess, monitor, and improve the website’s
performance; and enable our partners to advertise to you. You may disable the cookies by changing
the settings in your browser, and you may tell us not to share your cookie data with third parties.
Regulatory requirements significantly shape many aspects of banks’ risk operations. Cybersecurity is the latest area to fall under regulators’ purview; in 2013, the Office of the Comptroller of the Currency (OCC) issued a directive requiring banks to manage risks, including cybersecurity risk, in their third-party relationships.1 In addition, the Federal Financial Institutions Examination Council (FFIEC) offers the Cybersecurity Assessment Tool to help institutions identify their risks and determine cybersecurity preparedness.