FFIEC Bank & Credit Union Compliance Help presented by Safe Systems – Compliance Guru

The single most important vendor management control

Tom — Wed, 22 Feb 2012 19:59:42 +0000

Pop quiz…according to the FFIEC Handbook on Outsourcing Technology Services…

“The ________ is the single most important control in the outsourcing process”:

Initial due diligence process
Review of third-party

FDIC changing annual IT report to Board?

Tom — Thu, 16 Feb 2012 16:26:46 +0000

Based on recent examination findings, it would appear that the FDIC is changing what they expect to see in the annual information security report to the Board of Directors. The …
Read the rest of the article

NIST releases new Cloud Computing Guidelines

Tom — Mon, 06 Feb 2012 20:56:21 +0000

Although not specific to the financial industry, the new guidelines provide a comprehensive overview of the privacy and security challenges of this increasingly popular computing model. It’s worth a look …
Read the rest of the article

Bank Directors and Officers targeted in 2011

Tom — Wed, 25 Jan 2012 17:31:16 +0000

The final numbers are in for 2011, and it was a record year for Director and Officer (D&O) lawsuits by the FDIC. In 2011 alone, 264 defendants were named in …
Read the rest of the article

2012 Compliance Trends, Part 5 – Uncertainty (UPDATE)

Tom — Mon, 16 Jan 2012 19:05:49 +0000

Similar to my previous post on Risk Assessments, I believe Uncertainty is also a 2-part trend:

- Uncertainty about future regulatory changes, and
- Uncertainty about the interpretation of existing …
Read the rest of the article

Another incident management table-top training exercise

Tom — Mon, 09 Jan 2012 22:22:02 +0000

I’ve mentioned before that financial institutions would be wise to use news reports of security incidents as “what if” table-top training exercises. Here is another one that just occurred a …
Read the rest of the article

2012 Compliance Trends, Part 4 – Risk Assessments

Tom — Wed, 04 Jan 2012 19:02:42 +0000

Information security, business continuity, vendor management, ID theft, RDC, Internet banking…it seems that every time you do anything these days you’re expected to perform a risk assessment. This is nothing …
Read the rest of the article

FDIC offers “Insight” on Mobile Banking

Tom — Thu, 22 Dec 2011 15:24:01 +0000

Although not considered official supervisory guidance, the most recent FDIC Supervisory Insights newsletter offers an instructive early look into how the agency might examine this emerging electronic banking delivery method …
Read the rest of the article

2012 Compliance Trends, Part 3 – Management

Tom — Mon, 19 Dec 2011 20:48:40 +0000

I’ve written about the importance of this before, and from many different angles, but I want to recap and explain why I think management (both IT and enterprise) will be …
Read the rest of the article