Author: The Safe Systems Compliance Team

  • New Third-party Management Guidance Pending

    New Third-party Management Guidance Pending

    In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management.  According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.” After an extended comment period […]

  • FFIEC Cancels E-Banking Handbook

    FFIEC Cancels E-Banking Handbook

    On May 13, 2022, the FFIEC very quietly rescinded the FFIEC Information Technology Examination Handbook (IT Handbook) booklet entitled E-Banking.  The original booklet was released in 2003 and was accompanied by a flurry of activity by financial institutions to come up with a separate E-banking policy and risk assessment.  In effect, the FFIEC is now […]

  • Have There Been Any Official Board Reporting Updates to the FFIEC InfoSec Handbook since 2016?

    Have There Been Any Official Board Reporting Updates to the FFIEC InfoSec Handbook since 2016?

    Hey Guru! Do you have any additional blogs about FDIC changing the annual IT report to the board? I saw the article from 2012 and was wondering if there are any updates to that. Has the FFIEC updated its Information Security IT Handbook after 2016 in regard to this subject?Thank you,Lynn Hi Lynn, and thanks […]

  • UPDATE – New Proposed Cyber Incident Notification Rules Finalized

    UPDATE – New Proposed Cyber Incident Notification Rules Finalized

    Last updated March 30, 2022. Currently, financial institutions are required to report a cyber event to their primary federal regulator under very specific circumstances. This requirement dates back to GLBA, Appendix B to Part 364 and states that FI incident response plans (IRP’s) should contain procedures for: “Notifying its primary Federal regulator as soon as […]

  • FFIEC Replaces, and Expands, the Operations Handbook

    FFIEC Replaces, and Expands, the Operations Handbook

    Back in June of this year the FFIEC released an update to the 2004 Operations Handbook called Architecture, Infrastructure, and Operations (AIO). As the lengthier name implies, this was not simply an update, it also greatly expanded the scope of operations to include architecture and infrastructure principles and practices. This reflects the tight integration between […]

  • New FFIEC Guidance for Access and Authentication

    New FFIEC Guidance for Access and Authentication

    In response to an expanded cybersecurity threat landscape, the FFIEC just issued an update to agency expectations for access and authentication to financial institution products and systems. This update replaces both the 2005 and the 2011 authentication guidance, and has been extended beyond digital banking (ebanking) customers to include everyone and everything that might have […]