…at least in Georgia. The most recent Georgia State IT examinations are using a carbon copy of the FDIC 12/07 pre-examination IT questionnaire. If your primary federal regulator is the FDIC, this makes filling out the State questionnaire much easier. If not however, you’ll want to familiarize yourself with the format. There are 5 parts […]
Starting next year (or this year for Type II engagements that extend beyond 6/11), the traditional SAS 70 is being phased out in favor of the SSAE 16. The biggest difference is that the “A” no longer stand for “Audit”, but “Attestation”: Management of the service provider asserts that controls relative to security, availability, integrity, confidentiality and privacy are both adequate and effective, and the auditor attests to the assertion.
The Council is a formal inter-agency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), […]
The head of the World Health Organization (WHO) today declared the H1N1 influenza pandemic over, saying worldwide flu activity has returned to typical seasonal patterns and many people have immunity to the virus. WHO Director-General Margaret Chan said “The H1N1 virus has largely run its course.” This likely means that you are unlikely to encounter […]
Further to the previous post, the memorandum requires the FDIC opinion to prevail in the event that an institutions’ PFR (primary federal regulator) CAMELS rating differs from the FDIC: If the FDIC’s CAMELS ratings for an institution differ from a PFR’s assigned ratings, the FDIC is required to provide the PFR with an explanation of […]
A complete listing of ALL FFIEC Tier I and Tier II examination procedures in one place, courtesy of the BITS Shared Assessments project. Very handy!
According to a memorandum of understanding just signed by all the primary federal regulators (FDIC, OTS, OCC and Fed), the FDIC now has the authority to step in whenever they feel the DIF (deposit insurance fund) is in jeopardy. Although this is primarily targeted at larger (>$10b) institutions, it also applies to smaller (<$10b) institutions as well, and applies to ANY threat to the DIF, not just under-capitalization (i.e. any safety and soundness concerns)…
Auditors (and some FDIC examiners) are scrutinizing disaster recovery plans more closely, specifically looking to verify that the plan structure adheres to FFIEC guidance. We’ve definitely seen this…
This whitepaper talks about the recent FFIEC guidance on Retail Payment Systems.
Recent updates to the FFIEC handbooks: Retail Payment Systems, March 2010
Watch this educational webinar presented by the Compliance Guru and Attus.