Category: From the Field

  • Windows XP and Electronic Banking

    The FFIEC has previously issued a statement on Windows XP and the regulatory expectations for both financial institutions and TSP’s beyond April 8th, but so far the regulators have not weighed in on the implications to e-banking and RDC customers.  According to some estimates, as many as 30-40% of your business customers may still be […]

  • A Look Back at 2013…and a Look Ahead – Part 1 (charts edition)

    One thing that’s clear from the examination feedback I’ve received from financial institutions in 2013 is that examiners are spending less time in their safety & soundness examinations on the CAMELS “C”, “A”, & “L” (capital, asset quality and liquidity) issues, and more time on the “M” & “E” (management and earnings) issues.  (There was […]

  • Ask the Guru: The IT Audit “Scope”

    Hey Guru Our examiner is asking about the “scope” of our IT audits. What is she referring to, and how do we define a reasonable scope? Audit results are one of the first things examiners want to see, and the “scope” of the audit is very important to examiners.  In fact, the term is used […]

  • Ask the Guru: Vendor vs. Service Provider

    Hey GuruI recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider.  His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them.  He suggested that we should be focused instead only on those few […]

  • Ask the Guru: Fedline in the lobby

    Hey Guru, I have a question about Fedline.  Will regulators write us up for having Fedline on a PC in the lobby of the bank? Possibly, I have seen that.  The issue is with the extreme sensitivity of data processed on that device, so if you want to leave it where it is, your response […]

  • The Problem with PEN Tests

    This is a true story, the names have been changed to protect the guilty. Al Akazam (not his real name) is an IT consultant with a solid background in
    Read the rest of the article