State regulators adopting FDIC pre-exam questionnaire… (Update)

…at least in Georgia. The most recent Georgia State IT examinations are using a carbon copy of the FDIC 12/07 pre-examination IT questionnaire. If your primary federal regulator is the FDIC, this makes filling out the State questionnaire much easier. If not however, you’ll want to familiarize yourself with the format.

There are 5 parts to the questionnaire:

Risk Assessment
Operations Security and Risk Management
Audit/Independent Review Program
Disaster Recovery and Business Continuity Management
either…
1. Vendor Management and Service Provider Management (newer version), or
2. Gramm-Leach-Bliley Act/FDIC Rules and Regulations – 12 CFR Part 364 Appendix B (older version)

Also, we’ve definitely seen increased State examiner activity in general. I’ve seen more State exam questionnaires this month than I’ve seen in the past 4 months.

UPDATE: Add the State of Maryland to this list, with Vendor Management as Part 5.

Article by Tom Hinkel

As author of the Compliance Guru website, Hinkel shares easy to digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise spans the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.