|  In

Outsourcing – Rewards and Risks

There are twelve booklets in the FFIEC IT Examination Handbook series, and ten of them make reference to the importance of managing third-party relationships. Today, the vast majority of financial institutions outsource at least one business function, and almost 50% of institutions outsource at least one critical business function. Among community financial institutions, the percentages […]

 |  In

Reg Flag enforcement delayed until 12/31/10

The FTC has decided to further delay the enforcement of the “Red Flags” rule (although this does NOT affect the original 11/1/2008 deadline for compliance). This is the second delay since the rule became effective 1/1/2008. Institutions should have a policy and procedures in place NOW, as examiners will undoubtedly be checking policy revision and […]

 |  In

Vendor Management – BITS and Pieces

The effective management of critical vendors is an essential risk control. The FFIEC mentions this several times in their Examination Handbooks, most recently in the “Information Security” Handbook from July, 2006. Although most financial institutions are accustomed to approaching this from their own perspective, i.e. from the serviced side, this white paper will take a […]