Category: Hot Topics

  • Commercially UNreasonable Security

    So an appellate court has just reversed the PATCO court ruling, essentially deciding against the financial institution. They ruled that the bank’s security procedures were commercially UN-reasonable.

  • FFIEC issues Cloud Computing Guidance

    Actually the document is classified as “for informational purposes only”, which is to say that it is not a change or update to any specific Handbook and presumably does not carry the weight of regulatory guidance.  However, it is worth a read by all financial institutions outsourcing services because it provides reinforcement for, and references…

  • Managing Social Media Risk – LinkedIn Edition

    By now everyone has heard about the breach at LinkedIn, where 6.5 million email password hashes were leaked (over half of which have been cracked, or converted into plain text).  Those who read this blog regularly know how I feel about social media in general: “So managing social media risk boils down to this:  You…

  • 5 Keys to Understanding a SOC 2 Report

    Although I have written about these relatively new reports frequently, and for some time now, it still remains a topic of great interest to financial institutions.  Fully 20% of all searches on this site over the past 6 months include the terms “SOC” or “SOC 2”, or “SAS 70”.  Some of this increased interest comes…

  • FDIC Supervisory Letter Issued on Critical Service Provider

    (NOTE:  Although the vendor in question has been publicized by the NCUA, I will not name it here because it is not relevant.  If you currently contract with the vendor you know who it is, and you need to know how to respond to the letter.  If you don’t, you’ll need to know how to…

  • FFIEC Handbook Update – Outsourcing

    The FFIEC has just added a section to the Outsourcing Technology Services IT Examination Handbook, and it should be required reading for financial institutions as well as any managed service providers.  The new section is Appendix D: Managed Security Service Providers, and it is the first significant change to the Handbook since it was released in…