There are twelve booklets in the FFIEC IT Examination Handbook series, and ten of them make reference to the importance of managing third-party relationships. Today, the vast majority of financial institutions outsource at least one business function, and almost 50% of institutions outsource at least one critical business function. Among community financial institutions, the percentages […]
Reg Flag enforcement delayed until 12/31/10
The FTC has decided to further delay the enforcement of the “Red Flags” rule (although this does NOT affect the original 11/1/2008 deadline for compliance). This is the second delay since the rule became effective 1/1/2008. Institutions should have a policy and procedures in place NOW, as examiners will undoubtedly be checking policy revision and […]
Disaster Recovery & Strategic Planning: How alignment can reduce risk and cost
If it’s been done correctly, your business continuity program has been developed to support your Banks’ strategic plan. The capabilities of your hardware and software have been carefully selected to coincide with the needs of your target market. Your financial projections are based on your ability to successfully penetrate your target market, and your DR […]
Vendor Management – BITS and Pieces
The effective management of critical vendors is an essential risk control. The FFIEC mentions this several times in their Examination Handbooks, most recently in the “Information Security” Handbook from July, 2006. Although most financial institutions are accustomed to approaching this from their own perspective, i.e. from the serviced side, this white paper will take a […]
Compliance Advisory Committee
Listen to our free-form discussion on timely compliance topics (recorded 5/4/10).