Interview with head of FDIC IT examinations

In an interview with Don Saxinger at, the head of IT examiner oversight addresses vendor management.  Here is my summary of that interview:

Do not look for the FDIC to change, or even update, guidance on vendor management.  The FDIC feels that the current guidance is broad enough to address concerns over new technology such as cloud computing, mobile banking, social media, etc.

Regarding social media, you must evaluate the provider the same as any other service provider.

Regarding “what is a vendor?”, he referred to the Bank Service Company Act.  This stipulates that if the vendor provides a “banking function” to the institution, that vendor relationship needs to be reported to the regulators.  “Banking functions” are defined as:

  • Check and deposit sorting and posting
  • Computation and posting of interest and other credits and charges
  • Preparation and mailing of checks, statements, notices, and similar items
  • Any other clerical, bookkeeping, accounting, statistical, or similar functions

IT is only one of the layers necessary to support a business process.

To ensure proper vendor management, refer to the examination guidelines found in the back (usually Appendix A) of every FFIEC IT Examination Handbook, specifically the Outsourcing and the Management handbooks.

Improper management of vendor risks can result in lower examination ratings.

Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.