During the Nationwide Multistate Licensing System Annual Conference, state financial regulators released an updated cybersecurity examination tool for nonbank financial company supervision. The tool is designed for state regulators to use during examinations of less complex and lower risk institutions, and another tool for more complex institutions is scheduled for release in the second quarter of 2021.
The tool is part of state regulators’ ongoing efforts to mitigate cybersecurity risks. State regulators also developed a cybersecurity work program to evaluate cyber risk management and identify gaps in nonbank financial company’s cybersecurity programs. The exam program is sorted according to the Uniform Rating System for Information Technology component ratings; however, to provide flexibility, examiners may sort according to the National Institute of Standards and Technology cybersecurity framework functions.