-
FDIC issues new FIL…
…and pretty much confirms what most of us already knew; regulatory scrutiny has increased across the board. FIL-13-2011 entitled “Reminder on FDIC Examination Findings” was just released March 1st, and in spite of the title, is not so much a reminder but a response. Here is the one-line summary: “Recently, the FDIC has received some…
-
AICPA finalizes SAS 70 replacement
I wrote about this here as well, but it’s now official: The AICPA has clarified the SAS 70 replacement reports. They are actually officially being referred to as “Service Organization Control Reports (formerly SAS 70 reports)”. The new SOC reports provide a framework for auditors to examine controls and to help senior management understand the…
-
Mythbusting on-line security
As I write this (2/2011), we are expecting updated guidance from the FFIEC any day on on-line authentication and security. It is way overdue, as the last release was way back in 2005. It is supposed to address the changes in the security landscape since then, and hopefully it will even raise the bar a…
-
Top 5 Compliance Trends for 2011 – Part 5
As I write this, the only case to go to trial of a Bank suing the Merchant over account takeover losses is awaiting the jury’s decision. The result may redefine the liability, and by definition the roles and responsibilities, of both the financial institution and the merchant when it comes to securing electronic transactions. It…
-
Corporate account takeovers – responsibility vs. liability
In all remote merchant services (RDC, remote ACH, remote wire origination, etc.) there are three main parties responsible for securing the transaction:
