FFIEC Assessment

Turn-key service for banking institutions to efficiently conduct the FFIEC assessment


Sword & Shield Enterprise Security’s turn-key FFIEC Assessment service helps banks and examiners that must adhere to FFIEC cybersecurity guidelines determine their inherent risk profile and level of cybersecurity preparedness.

Our cybersecurity and compliance experts partner with you to efficiently conduct the assessment using the FFIEC Toolkit, industry knowledge, and their technical and compliance expertise.

Our FFIEC Assessment is designed for banks of all sizes and incorporates concepts and principles contained in the FFIEC IT Examination Handbook, regulatory guidance, applicable laws and regulations, FFIEC joint statements, and concepts from well-known industry standards, such as the NIST Cybersecurity Framework.

Inherent risk profile and cybersecurity maturity assessment

The FFIEC Assessment consists of two parts: an inherent risk profile and a cybersecurity maturity assessment.

An inherent risk profile identifies the amount of risk posed to a bank by the types, volume, and complexity of the bank’s technologies and connections, delivery channels, products and services, organizational characteristics, and external threats—notwithstanding the bank’s risk-mitigating controls.

Cybersecurity maturity is evaluated in five domains:

  1. Cyber Risk Management and Oversight
  2. Threat Intelligence and Collaboration
  3. Cybersecurity Controls
  4. External Dependency Management
  5. Cyber Incident Management and Resilience

The OCC will implement the assessment as part of the bank examination process over time to benchmark and assess bank cybersecurity efforts. The results may be reviewed to determine whether the bank’s cybersecurity maturity levels align with the bank’s inherent risk profile.

While use of the assessment is optional for financial institutions, OCC examiners will use it to supplement exam work to gain a more complete understanding of an institution’s inherent risk, risk management practices, and controls related to cybersecurity.

FFIEC Assessment Report

Sword & Shield delivers a comprehensive assessment report detailing your strengths and weaknesses, as well as a remediation roadmap. This document includes an executive summary to help you communicate the assessment results and necessary action to company decision makers.

Associated Cybersecurity Services

As a full-service information security and compliance firm, Sword & Shield offers a host of related solutions. This streamlines operations, saves you time and money, and provides consistency of quality. In addition to the FFIEC assessment, clients may opt for these related services: