Author: The Safe Systems Compliance Team

  • Compliance Quick Bites – Tests vs. Exercises, and the Resiliency Factor

    One of several changes implemented in the 2019 FFIEC BCM Examination Handbook is a subtle but important differentiation between a BCMP “test” and an “exercise”. I discussed some of the more material changes here, but we’re starting to see examiner scrutiny into not just if, but exactly what and how you’re testing. According to the…

  • Can We Apply Similar Controls to Satisfy Both GLBA and GDPR?

    Hey Guru! Are the Gramm–Leach–Bliley Act (GLBA) and the General Data Protection Regulation (GDPR) similar enough to apply the same or equivalent set of layered controls? My understanding is that GDPR has placed a higher premium on the protection of a narrower definition of data. So, my question is more about whether FFIEC requirements for…

  • Reading Between the Lines: The Interagency Examiner Guidance for Assessing Safety and Soundness During COVID-19

    On June 23, 2020, the FDIC posted “The Interagency Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Institutions” (FIL-64-2020). This statement is only one of several interagency statements issued since the start of the COVID-19 pandemic outlining supervisory principles examiners will use to guide their safety and…

  • Reading Between the Lines: Recent Regulatory News

    March 30, 2020 – Federal Reserve Statement on Supervisory Activities. Where did it come from, and where can I find it? The Federal Reserve. Who needs to know about it? All financial institutions supervised by the Federal Reserve. Why was it issued? To address adjustments in their supervisory approach in light of COVID-19. What does…

  • Are You Required to Address Your COVID-19 Readiness with Your Customers?

    Hey Guru! Are we required to post any kind of statement to the public or our customers as to our readiness for the COVID-19? If so, can you direct me to the kinds of things we need to say? We are working on an ad to educate our customers on how to use our online…

  • FFIEC Issues Statement on Pandemic Planning

    Background: Similar to the Joint Statement on Destructive Malware issued in January in response to heightened geopolitical cyber risks from foreign actors, the FFIEC just released an Interagency Statement on Pandemic Planning in response to the current COVID-19 epidemic. Similar to the Destructive Malware statement, this statement does not impose any additional regulatory expectations on…