Federal Financial Institutions Examination Council | |
Preceding6: | --> |
Superseding6: | --> |
Chief1 Name: | Todd M. Harper |
Chief1 Position: | Chairman[1] |
Chief9 Name: | --> |
Child25 Agency: | --> |
Keydocument1: | FIRA |
The Federal Financial Institutions Examination Council (FFIEC) is a formal U.S. government interagency body composed of five banking regulators that is "empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions". It also oversees real estate appraisal in the United States.[2] Its regulations are contained in title 12 of the Code of Federal Regulations.
FFIEC includes five banking regulators—the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB).
FFIEC was established March 10, 1979, pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA).[3] [4]
The FFIEC was given additional statutory responsibilities by section 340 of the Housing and Community Development Act of 1980 to facilitate public access to data that depository institutions must disclose under the Home Mortgage Disclosure Act of 1975 (HMDA) and the aggregation of annual HMDA data, by census tract, for each metropolitan statistical area (MSA). In accordance with HMDA, the FFIEC established an advisory State Liaison Committee composed of five representatives of state supervisory agencies.[2] The HMDA requires "most lenders to identify the race, sex, and income of loan applicants and borrowers",[2] so the FFIEC is able to deduce things like "the number of mortgages issued to black and Hispanic borrowers rose sharply", as it did in 1993.[5] In 2006, the State Liaison Committee was added to the Council as a voting member.[6]
The Appraisal Subcommittee (ASC) was established within the FFIEC pursuant to title XI of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA). The ASC oversees The Appraisal Foundation, whose work is accomplished by three independent boards—the Appraiser Qualifications Board (AQB), the Appraisal Standards Board (ASB), and the Appraisal Practices Board (APB), who collectively regulate real estate appraisal in the United States.
Then Comptroller of the Currency and FFIEC Chair Thomas J. Curry stated on May 8, 2014, that "helping to make banks less vulnerable and more resilient to cyber-attacks" has been one of his top priorities.[7] [8] In June 2014 FFIEC launched a new webpage on cybersecurity and announced that it was initiating a pilot for 500 member institutions that will focus on how these institutions manage cybersecurity and how prepared they are to mitigate cyber risks.[9] This was a welcome development since the FFIEC had previously relaxed their own guidance regarding cybersecurity. In guidance released in 2005, the body created rigorous standards that were to be enacted by subject institutions by the end of 2006 regarding multi-factor authentication.[10] The guidance called for strict measures to protect financial transactions that would combine biometrics with strong passwords and device fingerprinting, among other measures, as means of strong authentication. The document mentions biometrics fourteen separate times. The following year, the FFIEC released supplementary guidance that relaxed the strong authentication requirements, allowing institutions to add a "second authentication method" for layered security (not 2 factor authentication) – the supplement mentions biometrics only once.[11] Many institutions discontinued more costly two factor and biometric security measures in favor of what the FFIEC guidance had come to refer to as layered security. By the deadline, fully one third of banking and financial institutions had not complied.[12] When further guidance was released in 2011, it mentioned "strong authentication" only one time.[13]
On June 30, 2015 the FFIEC released the FFIEC Cybersecurity Assessment Tool [14] to enable regulated financial institutions to assess their cybersecurity readiness. This tool may be used as a self-assessment. Regulators may also review the completed assessment during their examination.[15]
Consumer compliance in bank regulation is associated with the FFIEC’s Uniform Interagency Consumer Compliance Rating System (CC Rating System).[16] The FFIEC promotes compliance with federal consumer protection laws and regulations through each agency’s supervisory and outreach programs.
The FFIEC has six voting representatives of member agencies.[17] As of August 2021, FFIEC members include:[18] [19]