-
Risk Assessing Internet Banking – Two Different Approaches
One of the big “must do” take-aways from the updated FFIEC Authentication Guidance was the requirement for all institutions to conduct risk assessments. Not just prior to implementing electronic banking services, but periodically throughout the relationship if certain factors change, such as: changes in the internal and external threat environment, including those discussed in the…
-
BCP plans continue to draw criticism
In a recent FDIC IT Examination, the examiner made the following criticism of the institutions’ DR/BCP: “Business continuity planing should focus on all critical business functions that need to be recovered to resume operations. Continuity planing for technology alone should no longer be the primary focus of a BCP, but rather viewed as one critical…
-
Looking back – 2010 compliance hits & misses
Every year about this time, I’m asked to look ahead to the upcoming year and prognosticate on regulatory compliance trends. I intend to do just that in a future post, but today I wanted to do something very few other prognosticators do…look back at last years’ predictions and see which ones hit and which missed…
-
DR Plans – Compliant or Recoverable?
When addressing the issue of your disaster recovery plan, the ultimate goal is both. But if you’re faced with limited resources (time, personnel, and money), and need to decide whether you’ll conduct a test or re-write your existing plan, what should you do? A successful test demonstrates that you can recover if you have to. …
-
WHO declares H1N1 pandemic over
The head of the World Health Organization (WHO) today declared the H1N1 influenza pandemic over, saying worldwide flu activity has returned to typical seasonal patterns and many people have immunity to the virus. WHO Director-General Margaret Chan said “The H1N1 virus has largely run its course.” This likely means that you are unlikely to encounter…
-
DR/BCP Scrutiny – UPDATED
Auditors (and some FDIC examiners) are scrutinizing disaster recovery plans more closely, specifically looking to verify that the plan structure adheres to FFIEC guidance. We’ve definitely seen this…
