“A topic is at times of such significant interest to bankers and examiners that it warrants a special issue…” Whenever something from a regulatory body begins this way all bankers should take notice, and the latest Special Corporate Governance Edition from the FDIC is no exception. In fact the Guru did a little research and the last time the FDIC released […]
The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the bankers life. The criteria is as follows: Must be less than $1 B in assets Must have a CAMELS composite rating […]
This latest update to the IT Examination Handbook series comes 11 years after the original version. And although IT has changed significantly in the past 11 years, the requirement that financial institutions properly manage the risks of IT has not changed. This new Handbook contains many changes that will introduce new requirements and new expectations […]
Hey Guru I saw multiple references to the term “risk appetite” in the FFIEC Cybersecurity Assessment Tool. What exactly is risk appetite, and how can I address this in my institution? They just released Management Handbook contains 10 new references to “risk appetite”, including a requirement that the Board has defined the institution’s risk appetite and it’s risk tolerance levels. […]
UPDATE: Safe Systems just released their Enhanced CyberSecurity Assessment Toolkit (ECAT) – This enhanced version of the FFIEC toolkit addresses the biggest drawback of the tool; the ability to collect, summarize, and report your risk and control maturity levels. Once risks and controls have been assessed (Step 1 below), institutions will now be better able […]
Bankers are being encouraged to register their domain names under the new .bank extension, and although there are reasons to consider making the switch, there are also many questions to answer. Registration is currently open for institutions with a trademarked domain name. Open registration begins June 23. First of all, the regulators have not offered an […]
This caught me by surprise as it was not formally announced in the “What’s New” section, but the Appendix J update to the Business Continuity Planning Handbook apparently constituted a complete update to the Handbook. Here is what the press release said in part: The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised […]
Both statements address recent cybersecurity threats; one targeting online credentials (passwords, usernames, e-mail addresses that may be used by employees or customers to authenticate themselves), and one addressing destructive malware. The statements advise specific risk mitigation steps institutions should consider, and I thought it would be instructive to compare the steps to see which are common to […]
The FFIEC just issued new BCP Guidance in the form of a 16 page addendum to the existing 2008 IT Handbook on Business Continuity Planning. It is titled “Appendix J: Strengthening the Resilience of Outsourced Technology Services”, and it has significant implications for both financial institutions and service providers, and across the entire business relationship […]
The last step in the vendor management process is to manage, or control, the risk that was identified in step 1, and assessed (as inherent risk) in step 2. Controlling risk is defined as applying risk mitigation techniques (or “controls”) to reduce risk to acceptable levels It’s important to understand that risk can never be completely eliminated, […]
