(NOTE: Guru Briefs are short takes on recently released regulatory activity. They are not a
…Read the rest of the article
Guru Briefs – OCC on Cybersecurity & MRA’s, FFIEC on Cybersecurity Assessments
Read the rest of the article
Read the rest of the article
Say What You Do…But Do What You Say
Feedback from recent regulatory examinations indicates a potentially troublesome trend; regulators are actually reading your
…Read the rest of the article
Windows XP and Electronic Banking
The FFIEC has previously issued a statement on Windows XP and the regulatory expectations for
…Read the rest of the article
A Look Back at 2013…and a Look Ahead – Part 1 (charts edition)
One thing that’s clear from the examination feedback I’ve received from financial institutions in 2013
…Read the rest of the article
Ask the Guru: The IT Audit “Scope”
Hey Guru
Our examiner is asking about the “scope” of our IT audits. What is
Read the rest of the article
Ask the Guru: Vendor vs. Service Provider
Hey Guru
I recently had an FDIC examiner tell me that we needed to make
Read the rest of the article
Ask the Guru: Fedline in the lobby
Hey Guru,
I have a question about Fedline. Will regulators write us up for having
…Read the rest of the article
The Problem with PEN Tests
This is a true story, the names have been changed to protect the guilty. Al Akazam (not his real name) is an IT consultant with a solid background in
Read the rest of the article
Read the rest of the article
Examination Downgrades Correlated with Poor Vendor Management
According to Donald Saxinger (senior examination specialist in FDIC’s Technology Supervision Branch) in a telephone briefing given to the ABA in
Read the rest of the article
Read the rest of the article
Implementing the CFPB-required Compliance Management System (Part 2)
CFPB compliance examinations have only just started and the agency has already identified deficiencies in
…Read the rest of the article