Author: Tom Hinkel

  • FDIC Expands Criteria for 18 Month Exam Cycle

    FDIC Expands Criteria for 18 Month Exam Cycle

    The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the bankers life. The criteria is as follows: Must be less than $1 B in assets Must have a CAMELS composite rating…

  • FFIEC Updates (and Greatly Expands) the Management Handbook

    FFIEC Updates (and Greatly Expands) the Management Handbook

    This latest update to the IT Examination Handbook series comes 11 years after the original version.  And although IT has changed significantly in the past 11 years, the requirement that financial institutions properly manage the risks of IT has not changed.  This new Handbook contains many changes that will introduce new requirements and new expectations…

  • Ask the Guru: Cybersecurity “Risk Appetite”

    Ask the Guru: Cybersecurity “Risk Appetite”

    Hey Guru I saw multiple references to the term “risk appetite” in the FFIEC Cybersecurity Assessment Tool.  What exactly is risk appetite, and how can I address this in my institution? They just released Management Handbook contains 10 new references to “risk appetite”, including a requirement that the Board  has defined the institution’s risk appetite and it’s risk tolerance levels.…

  • FFIEC Releases Cybersecurity Assessment Tool

    FFIEC Releases Cybersecurity Assessment Tool

    UPDATE:  Safe Systems just released their Enhanced CyberSecurity Assessment Toolkit (ECAT) – This enhanced version of the FFIEC toolkit addresses the biggest drawback of the tool; the ability to collect, summarize, and report your risk and control maturity levels.   Once risks and controls have been assessed (Step 1 below), institutions will now be better able…

  • .Bank or .Bust? New Top Level Domain Promises Increased Security (and Plenty of Questions)

    .Bank or .Bust? New Top Level Domain Promises Increased Security (and Plenty of Questions)

    Bankers are being encouraged to register their domain names under the new .bank extension, and although there are reasons to consider making the switch, there are also many questions to answer.  Registration is currently open for institutions with a trademarked domain name.  Open registration begins June 23. First of all, the regulators have not offered an…

  • FFIEC Issues Stealth Update to BCP Handbook

    FFIEC Issues Stealth Update to BCP Handbook

    This caught me by surprise as it was not formally announced in the “What’s New” section, but the Appendix J update to the Business Continuity Planning Handbook apparently constituted a complete update to the Handbook.  Here is what the press release said in part: The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised…