-
New FDIC Survey Results and Third-Party Providers
The new FDIC Supervisory Insights Winter 2010 newsletter addresses several issues of interest to bankers, including Trust Preferred Securities, Managing Agricultural Credit, and Senior Life Settlements. But there was also a section that analyzed the results of a survey that was conducted by FDIC examiners over the past year. The more than 2,100 responses…
-
Red Flag enforcement to start 12/31
With the signing of legislation on 12/18 exempting certain health care practitioners and other businesses from complying with the Red Flags Rules, it would seem to clear the way for enforcement to begin at the end of this month. Financial institutions have had to comply with the guidelines since 1/1/2008, but regulatory enforcement has been…
-
SAS 70 replacement…3 alternatives
I’ve written about this here, here and here, and we are still waiting on additional guidance from the AICPA, now expected March/April 2011. But of greater interest to financial institutions is the opinion of the FFIEC, which refers to the SAS 70 in the IT Examination Handbooks 30 times, and has yet to officially…
-
SAS 70 vs. SSAE 16 from the service provider perspective
Although it’s unclear what, if anything, the FFIEC* will say about the new standard before it is officially adopted in June of next year, one thing is certain…both vendors and financial institutions will need to become familiar with the differences in the interim. And one of the most significant differences between the two reporting standards…
-
Mobile devices and information security
The key to addressing the risk of mobile devices is to think of them as functionally equivalent to a PC (with all the information security risks…
