Author: The Safe Systems Compliance Team

  • Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Background  In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM).  According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.”  In June of…

  • Is It Time to Take the CAT to the Vet?

    Is It Time to Take the CAT to the Vet?

    How a New Framework Can Improve Cybersecurity Assessments in Financial Institutions. In the age of digital banking, maintaining robust cybersecurity risk assessments and control reviews is paramount to protecting sensitive data from potential threats, and passing rigorous IT audits and examinations. Historically, a key tool in the arsenal has been the Cybersecurity Assessment Tool (CAT)…

  • The State of the (Credit) Union According to the NCUA Chairman

    The State of the (Credit) Union According to the NCUA Chairman

    Last month, NCUA chairman Todd M. Harper delivered his “State of the (Credit) Union” during the 2023 Governmental Affairs Conference. Harper covered multiple areas of interest to credit unions including: But in this post, we’ll focus on 3 topics directly related to information security: cybersecurity risk, the need for centralized vendor authority, and Fintechs. The…

  • FTC Redefines a Financial Institution. Could your customers and members be impacted?

    FTC Redefines a Financial Institution. Could your customers and members be impacted?

    Way back in 2002, the FTC proposed new standards that would require all “financial institutions” to develop, implement, and maintain “…reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.”   Officially known as Standards for Safeguarding Customer Information, this should sound very familiar to all “traditional” financial institutions, as…

  • FFIEC Cancels E-Banking Handbook

    FFIEC Cancels E-Banking Handbook

    On May 13, 2022, the FFIEC very quietly rescinded the FFIEC Information Technology Examination Handbook (IT Handbook) booklet entitled E-Banking.  The original booklet was released in 2003 and was accompanied by a flurry of activity by financial institutions to come up with a separate E-banking policy and risk assessment.  In effect, the FFIEC is now…

  • Have There Been Any Official Board Reporting Updates to the FFIEC InfoSec Handbook since 2016?

    Have There Been Any Official Board Reporting Updates to the FFIEC InfoSec Handbook since 2016?

    Hey Guru! Do you have any additional blogs about FDIC changing the annual IT report to the board? I saw the article from 2012 and was wondering if there are any updates to that. Has the FFIEC updated its Information Security IT Handbook after 2016 in regard to this subject?Thank you,Lynn Hi Lynn, and thanks…