Compliance Guru • FFIEC Guidance
  • Ask the Guru
  • The Guru Speaks
  • About
  • Ask the Guru
  • The Guru Speaks
  • About
The Compliance Guru Pictogram

Are You Ready for the New BCM Handbook?

Take the Quiz

Moving Beyond the ACET: Next Steps

Get a Copy

Role of the Information Security Officer

Get a Copy

Looking Ahead to 2021
By The Safe Systems Compliance Team  |  In From the Field

A Look Back at 2020 and a Look Ahead to 2021: A Regulatory Compliance Update

From SafeSystems.com/Safe-Systems-Blog Safe Systems recently published a two-part regulatory compliance blog series that looked back at 2020 and ahead to 2021. In Part 1, we explored how regulations related to the Pandemic dominated the compliance landscape early in 2020 forcing financial institutions to make adjustments to their procedures and practices on the fly. In Part […]

Read Post 0
Ask the Guru – Can We Apply Similar Controls to Satisfy Both GLBA and GDPR
By The Safe Systems Compliance Team  |  In Ask the Guru

Can We Apply Similar Controls to Satisfy Both GLBA and GDPR?

Hey Guru! Are the Gramm–Leach–Bliley Act (GLBA) and the General Data Protection Regulation (GDPR) similar enough to apply the same or equivalent set of layered controls? My understanding is that GDPR has placed a higher premium on the protection of a narrower definition of data. So, my question is more about whether FFIEC requirements for […]

Read Post 0
How does this change your current approach?
By The Safe Systems Compliance Team  |  In Hot Topics

FFIEC Issues Joint Statement on Cyber Insurance

The statement is here, and is intended to provide additional awareness about the possible use of cyber insurance to off-set financial losses resulting from cyber incidents. Here are a few high-level observations: First of all, we’ve seen several announcements from various organizations stating that “the FFIEC has released new guidance…”. The statement makes it clear […]

Read Post 0
Banker looking over the CAT
By The Safe Systems Compliance Team  |  In Hot Topics

FFIEC Cybersecurity Assessment Tool Update

The FFIEC recently released a long-awaited update to the Cybersecurity Assessment Tool, and we think overall it is a relatively minor but useful evolution. But before we get into the details of what the update does address, it’s important to note that it did not address the ambiguity issues that plague the current assessment. One […]

Read Post 0
Late Night Exam Questions
By Tom Hinkel  |  In Ask the Guru

Ask the Guru: How Can I Best Determine My Cyber Risk Profile?

Hey Guru! We just completed the Cybersecurity Assessment, so now we have our current risk and control maturity levels identified.  Can we draw any conclusions about our average risk and control levels?  For example, most of our risks are in the Least and Minimal areas, but we do have a few Moderate as well.  Can we […]

Read Post 0
Do we have to complete the FFIEC's CAT?
By Holly Hooks  |  In Ask the Guru

Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

Hey Guru! Management is asking why we have to complete the FFIEC Cybersecurity Assessment Tool when it is voluntary. They feel it is too much work if it is not mandatory. I think it is still needed even though it is voluntary. Is there any documentation as to why it is still necessary for OCC […]

Read Post 1
iStock_000074483739_Double
By Tom Hinkel  |  In Hot Topics

FFIEC Updates (and Greatly Expands) the Management Handbook

This latest update to the IT Examination Handbook series comes 11 years after the original version.  And although IT has changed significantly in the past 11 years, the requirement that financial institutions properly manage the risks of IT has not changed.  This new Handbook contains many changes that will introduce new requirements and new expectations […]

Read Post 0
How's your appetite?
By Tom Hinkel  |  In Ask the Guru

Ask the Guru: Cybersecurity “Risk Appetite”

Hey Guru I saw multiple references to the term “risk appetite” in the FFIEC Cybersecurity Assessment Tool.  What exactly is risk appetite, and how can I address this in my institution? They just released Management Handbook contains 10 new references to “risk appetite”, including a requirement that the Board  has defined the institution’s risk appetite and it’s risk tolerance levels. […]

Read Post 2
Assessing the Assessment
By Tom Hinkel  |  In Hot Topics

FFIEC Releases Cybersecurity Assessment Tool

UPDATE:  Safe Systems just released their Enhanced CyberSecurity Assessment Toolkit (ECAT) – This enhanced version of the FFIEC toolkit addresses the biggest drawback of the tool; the ability to collect, summarize, and report your risk and control maturity levels.   Once risks and controls have been assessed (Step 1 below), institutions will now be better able […]

Read Post 4
iStock_000020616677_Med
By Tom Hinkel  |  In Hot Topics

.Bank or .Bust? New Top Level Domain Promises Increased Security (and Plenty of Questions)

Bankers are being encouraged to register their domain names under the new .bank extension, and although there are reasons to consider making the switch, there are also many questions to answer.  Registration is currently open for institutions with a trademarked domain name.  Open registration begins June 23. First of all, the regulators have not offered an […]

Read Post 1
By Tom Hinkel  |  In Hot Topics

FFIEC Issues 2 Statements on Cybersecurity

Both statements address recent cybersecurity threats; one targeting online credentials (passwords, usernames, e-mail addresses that may be used by employees or customers to authenticate themselves), and one addressing destructive malware.  The statements advise specific risk mitigation steps institutions should consider, and I thought it would be instructive to compare the steps to see which are common to […]

Read Post 0
Newer
12
Older

Join Our Community

Browse Posts

  • Ask the Guru
  • Ask the ISO
  • From the Field
  • Hot Topics
  • Reading Between the Lines
  • Resources

Copyright © Compliance Guru®.
All Rights Reserved.

Powered by Safe Systems. Privacy Policy

Stay up to date with these pandemic resources for community banking.See COVID-19 Resources
+