Category: From the Field

  • Third-Party Risk Management Final Guidance – An In-depth Analysis 

    Background: In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM). According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.” In June of…

  • Is It Time to Take the CAT to the Vet?

    How a New Framework Can Improve Cybersecurity Assessments in Financial Institutions. In the age of digital banking, maintaining robust cybersecurity risk assessments and control reviews is paramount to protecting sensitive data from potential threats, and passing rigorous IT audits and examinations. Historically, a key tool in the arsenal has been the Cybersecurity Assessment Tool (CAT)…

  • FTC Redefines a Financial Institution. Could your customers and members be impacted?

    Way back in 2002, the FTC proposed new standards that would require all “financial institutions” to develop, implement, and maintain “…reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.” Officially known as Standards for Safeguarding Customer Information, this should sound very familiar to all “traditional” financial institutions, as…

  • A Look Back at 2020 and a Look Ahead to 2021: A Regulatory Compliance Update

    From SafeSystems.com/Safe-Systems-Blog: Safe Systems recently published a two-part regulatory compliance blog series that looked back at 2020 and ahead to 2021. In Part 1, we explored how regulations related to the pandemic dominated the compliance landscape early in 2020, forcing financial institutions to make adjustments to their procedures and practices on the fly. In Part…

  • Asset Lifecycle Management

    Since both Windows 7 and Server 2008 R2 will reach end-of-life support in January of 2020, many organizations have already made the jump to Windows 10 and Windows Server 2012, 2016, 2019, or Azure. If you have full control over the asset lifecycle management process for your financial institution, you may have already completed this…

  • Guru Briefs – OCC on Cybersecurity & MRA’s, FFIEC on Cybersecurity Assessments

    (NOTE: Guru Briefs are short takes on recently released regulatory activity. They are not a detailed analysis, but are designed to draw attention to the Guru’s initial impressions.) In this edition: The OCC has been particularly active on the regulatory front lately, and even non-OCC institutions may want to pay attention, as the head of the OCC…