FFIEC Bank & Credit Union Compliance Help presented by Safe Systems – Compliance Guru

Updated Incident Response guidance expected

Tom — Tue, 08 May 2012 18:32:59 +0000

Comments on draft 2 are closed, and the National Institute of Standards and Technology (NIST) is about to release an update to their Computer Security Incident Handling Guide (SP 800-61). …
Read the rest of the article

FDIC Supervisory Letter Issued on Critical Service Provider

Tom — Wed, 25 Apr 2012 21:46:20 +0000

(NOTE: Although the vendor in question has been publicized by the NCUA, I will not name it here because it is not relevant. If you currently contract with the …
Read the rest of the article

FFIEC Handbook Update – Outsourcing

Tom — Mon, 09 Apr 2012 23:08:47 +0000

The FFIEC has just added a section to the Outsourcing Technology Services IT Examination Handbook, and it should be required reading for financial institutions as well as any managed service …
Read the rest of the article

FFIEC Handbook Update – SAS 70 Transition

Tom — Mon, 09 Apr 2012 15:53:37 +0000

The FFIEC has just updated their online IT Examination InfoBase to address the AICPA phase-out of the SAS 70 reporting format. All references to “SAS 70″ have now been replaced, …
Read the rest of the article

5 “random” facts

Tom — Thu, 05 Apr 2012 15:25:23 +0000

Fact 1 – According to the U.S. Bureau of Labor Statistics, the increasing complexity of financial regulations will spur employment growth of financial examiners. In fact it is expected to …
Read the rest of the article

CFPB Examinations Are Coming – UPDATE

Tom — Wed, 28 Mar 2012 13:51:42 +0000

Coming soon to your financial institution: Dear Board of Directors: Pursuant to the authority of the Dodd-Frank Wall Street Reform...
Read the rest of the article

FDIC issues FIL addressing proper use of Bank information

Tom — Tue, 20 Mar 2012 20:18:26 +0000

Although a quick read of this FIL makes it seem that it only addresses the proper use of confidential information after the institution is placed into receivership,...
Read the rest of the article

Risk Managing BYOD (bring your own device)

Tom — Mon, 12 Mar 2012 18:52:15 +0000

Thanks in part to social media, users today often don’t differentiate between work and non-work activities, and they certainly don’t want to have to carry multiple work/non-work devices to keep …
Read the rest of the article

“Data-flow diagrams”

Tom — Fri, 02 Mar 2012 16:26:48 +0000

This request was seen in a recent State examiners pre-examination questionnaire, and although I usually like to see a request a couple of times from different examiners before identifying it …
Read the rest of the article

The single most important vendor management control

Tom — Wed, 22 Feb 2012 19:59:42 +0000

Pop quiz…according to the FFIEC Handbook on Outsourcing Technology Services…

“The ________ is the single most important control in the outsourcing process”:

Initial due diligence process
Review of third-party

Read the rest of the article