Category: Hot Topics

  • ID Theft and SAR filings

    In the past, authoritative reports on identity theft have used surveys conducted with the general public to collect ID theft-related data. However…

  • Dodd-Frank and agency consolidation

    Although the specific requirements and burdens of the almost 250 regulations and more than 2000 pages in the Dodd-Frank Act are yet to…

  • Reg. E reform and RDC

    I recently ran across an excellent post on this topic regarding the fact that even though Reg. E does not currently regard corporate and municipal accounts the same as consumer accounts, they do, in fact, pose the same risk to the financial institution.  As the original post on Krebs’ site points out, why should the…

  • FDIC and State examiners teaming up

    I wrote a similar post earlier, but it now seems that perhaps the reason the State of Georgia has adopted the FDIC IT Examination Questionnaire is that the FDIC has been showing up on-site with the State examiners.  I’ve gotten reports that this is happening with increasing frequency, and not just in Georgia. My advice…

  • The FFIEC Handbooks and the SAS 70

    I’ve written about the 6/15/2011 phase-out of the SAS 70 report in favor of the SSAE 16 series (SOC 1, SOC 2, SOC 3) here and here.  The AICPA isn’t expected to update their audit guide until sometime early next year, but financial institutions are anxious to get the FFIEC to comment, as the SAS 70…

  • Interview with head of FDIC IT examinations

    In an interview with Don Saxinger at bankinfosecurity.com, the head of IT examiner oversight addresses vendor management.  Here is my summary of that interview: