Author: Tom Hinkel

As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.
13 Jul 2010

FDIC can now step in regardless of primary regulator (part 1)

According to a memorandum of understanding just signed by all the primary federal regulators (FDIC, OTS, OCC and Fed), the FDIC now has the authority to step in whenever it feels the DIF (deposit insurance fund) is in jeopardy. Although this is primarily targeted at larger (>$10b) institutions, it also applies to smaller (<$10b) institutions, and it applies to ANY threat to the DIF, not just under-capitalization (i.e. any safety and soundness concern).

There are several potential implications for this, but I think the primary one is that since the opinion of the FDIC examiner will prevail, all other primary regulators will follow their lead when it comes to interpretation of FFIEC guidance. We all know that certain regulators (FDIC) are more stringent than others (OTS, OCC) when it comes to both the interpretation of federal guidance, and the way that is reflected in examination procedures.

Compliance officers would be well advised to be proactive by following FDIC examination procedures regardless of their primary regulator.

09 Jul 2010

DR/BCP Scrutiny – UPDATED

Auditors (and some FDIC examiners) are scrutinizing disaster recovery plans more closely, specifically looking to verify that the plan structure adheres to FFIEC guidance. We’ve definitely seen this regarding the Business Impact Analysis and the Risk Assessment, the first two phases specified by the guidance.

(Figure: FFIEC DR Cycle)

UPDATE: At least one regulator (OTS) is demanding that all Recovery Time Objectives (RTOs) be based on a methodical analysis of the tolerance for downtime for each process, and NOT simply on a subjective value.

29 Jun 2010

Outsourcing – Rewards and Risks

There are twelve booklets in the FFIEC IT Examination Handbook series, and ten of them make reference to the importance of managing third-party relationships. Today, the vast majority of financial institutions outsource at least one business function, and almost 50% of institutions outsource at least one critical business function. Among community financial institutions, the percentages are even higher. The two biggest reasons for outsourcing are to cut costs and to gain expertise, but there may be other advantages, such as to increase management focus on core business functions, or to refocus limited internal resources on core functions. Ultimately, the decision to outsource should fit into the institution’s overall strategic plan and corporate objectives.

Download this whitepaper now.

21 Jun 2010

Red Flags enforcement delayed until 12/31/10

The FTC has decided to further delay the enforcement of the “Red Flags” rule (although this does NOT affect the original 11/1/2008 deadline for compliance). This is the second delay since the rule became effective 1/1/2008.

Institutions should have a policy and procedures in place NOW, as examiners will undoubtedly be checking policy revision and approval dates once enforcement begins.

Additional help is available here.