Compliance Guru • FFIEC Guidance
By Tom Hinkel In Hot Topics

Interview with head of FDIC IT examinations

In an interview with Don Saxinger at bankinfosecurity.com, the head of IT examiner oversight addresses vendor management.  Here is my summary of that interview:

Do not look for the FDIC to change, or even update, guidance on vendor management.  The FDIC feels that the current guidance is broad enough to address concerns over new technology such as cloud computing, mobile banking, social media, etc.

Regarding social media, you must evaluate the provider the same as any other service provider.

Regarding “what is a vendor?”, he referred to the Bank Service Company Act. This stipulates that if the vendor provides a “banking function” to the institution, that vendor relationship needs to be reported to the regulators. “Banking functions” are defined as:

  • Check and deposit sorting and posting
  • Computation and posting of interest and other credits and charges
  • Preparation and mailing of checks, statements, notices, and similar items
  • Any other clerical, bookkeeping, accounting, statistical, or similar functions

IT is only one of the layers necessary to support a business process.

To ensure proper vendor management, refer to the examination guidelines found in the back (usually Appendix A) of every FFIEC IT Examination Handbook, specifically the Outsourcing and the Management handbooks.

Improper management of vendor risks can result in lower examination ratings.


Article by Tom Hinkel

As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.
