-
Say What You Do…But Do What You Say
Feedback from recent regulatory examinations indicates a potentially troublesome trend; regulators are actually reading your policies. Traditionally, regulatory findings are concentrated in policy weaknesses. Either polices don’t exist (social media and mobile banking for example), or they do exist but need “expansion”. (“Expansion” is a vague and often used-term in examination findings to indicate a…
-
Windows XP and Electronic Banking
The FFIEC has previously issued a statement on Windows XP and the regulatory expectations for both financial institutions and TSP’s beyond April 8th, but so far the regulators have not weighed in on the implications to e-banking and RDC customers. According to some estimates, as many as 30-40% of your business customers may still be…
-
A Look Back at 2013…and a Look Ahead – Part 1 (charts edition)
One thing that’s clear from the examination feedback I’ve received from financial institutions in 2013 is that examiners are spending less time in their safety & soundness examinations on the CAMELS “C”, “A”, & “L” (capital, asset quality and liquidity) issues, and more time on the “M” & “E” (management and earnings) issues. (There was…
-
Ask the Guru: The IT Audit “Scope”
Hey Guru Our examiner is asking about the “scope” of our IT audits. What is she referring to, and how do we define a reasonable scope? Audit results are one of the first things examiners want to see, and the “scope” of the audit is very important to examiners. In fact, the term is used…
-
Ask the Guru: Vendor vs. Service Provider
Hey GuruI recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider. His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them. He suggested that we should be focused instead only on those few…
-
Ask the Guru: Fedline in the lobby
Hey Guru, I have a question about Fedline. Will regulators write us up for having Fedline on a PC in the lobby of the bank? Possibly, I have seen that. The issue is with the extreme sensitivity of data processed on that device, so if you want to leave it where it is, your response…
