-
The IT Steering Committee – Should or Must?
At a recent user group meeting of one of the major core vendors for community banks, I asked the question ‘how many of you use an IT or Tech Steering Committee?’. I was expecting a vast majority of hands to go up, but only about half did. This was surprising to me, given that: The…
-
FFIEC Updates (and Greatly Expands) the Management Handbook
This latest update to the IT Examination Handbook series comes 11 years after the original version. And although IT has changed significantly in the past 11 years, the requirement that financial institutions properly manage the risks of IT has not changed. This new Handbook contains many changes that will introduce new requirements and new expectations…
-
Cybersecurity – Part 2
In Part 1 I discussed the increasing regulatory focus on cybersecurity, and what to expect in the short term. In this post I want to dissect the individual elements of cybersecurity, and list what you’ll need to do to demonstrate compliance on each one going forward. So here are the required elements of a cybersecurity program, followed…
-
Implementing the CFPB-required Compliance Management System (Part 2)
CFPB compliance examinations have only just started and the agency has already identified deficiencies in some institutions: “The CFPB has found one or more situations in which an effective CMS was lacking across the financial institution’s entire consumer financial portfolio, or in which the financial institution failed to adopt and follow comprehensive internal policies and…
-
FDIC Files Record Number of Lawsuits in 2012 – 2015 UPDATE
UPDATE 2: We in fact did see a significant decrease in O&D lawsuits in the past few years: “The FDIC will not bring civil suits against directors and officers who fulfill their responsibilities, including the duties of loyalty and care, and who make reasonable business judgments on a fully informed basis and after proper…
-
NIST Incident Response Guidance released
UPDATE – The National Institute of Standards and Technology (NIST) has just released an update to their Computer Security Incident Handling Guide (SP 800-61). The guide contains very prescriptive guidance that can be used to frame, or enhance, your incident response plan. It also contains a very useful incident response checklist on page 42. I’ve…