CISOs who work in the financial industry within the United States are familiar with matters requiring attention (MRA). An MRA is a notice that is communicated verbally and in writing to a financial institution’s board and management team and is included in the organization’s examination report from regulators. Security- and privacy-related issues can often trigger an MRA.
An MRA is often indicative of inadequate controls leading financial institutions to spend significant time and money on remediation. Yet many could be prevented by addressing common points of vulnerability and control weaknesses through a strong risk management program. Financial institutions, including banks, capital markets, fintech firms, and asset management groups, can reduce these costs by taking a more proactive approach to eliminating some of the most frequently cited matters requiring remediation.
What are MRAs and how do they work?
MRA notices denote a matter that the US Federal Reserve expects a financial institution to address to operate in a safe and compliant manner. Most MRAs are aligned with laws, rules, or regulations that mandate financial institutions to maintain proper…
