Starting immediately, all FDIC-examined institutions will be subjected to new IT examination procedures, the first major overhaul since December 2007. The new format is dubbed the InTREx program (Information Technology Risk Examination), and is designed to be a bit simpler in the pre-examination phase. In fact, the InTREx has only 26 questions vs. 59 for the 12/07 […]
The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the banker's life. The criteria are as follows: Must be less than $1 B in assets; must have a CAMELS composite rating […]
Hey Guru, I recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider. His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them. He suggested that we should be focused instead only on those few […]
Update 1 – 12/5/2011 to add examination procedures*.
Update 2 – 2/13/2012 to emphasize policy requirements.
Update 3 – 10/8/2012 to add specific courses of action.
Fact 1 – According to the U.S. Bureau of Labor Statistics, the increasing complexity of financial regulations will spur employment growth of financial examiners. In fact, it is expected to experience the third largest growth of all career paths through 2018: Fact 2 – According to Rep. Shelley Moore Capito (R-W.Va.), author of H.R. 3461, […]
Coming soon to your financial institution:
Dear Board of Directors:
Pursuant to the authority of the Dodd-Frank Wall Street Reform…
This request was seen in a recent State examiner's pre-examination questionnaire, and although I usually like to see a request a couple of times from different examiners before identifying it as a legitimate trend, this one could prove so potentially problematic that I thought I needed to get ahead of it. Before we go much […]
Based on recent examination findings, it would appear that the FDIC is changing what they expect to see in the annual information security report to the Board of Directors. The requirement for the report is established in the FFIEC Information Security Handbook where it states that a written report to the board should describe the […]
Similar to my previous post on Risk Assessments, I believe Uncertainty is also a 2-part trend: – Uncertainty about future regulatory changes, and – Uncertainty about the interpretation of existing regulations
In reviewing recent audit and examination findings, the issue of access rights and permissions is coming up with increasing regularity. Making sure that end-users have no more access rights than absolutely necessary to do their job is one of the best information security controls. According to the FFIEC, formal access rights administration for users consists […]
I asked in my previous post whether or not the regulators should share any of the blame when institutions fail, and if so, should they shoulder any of the liability? The thought occurred to me as I was reviewing some recent Material Loss Reviews. A Material Loss Review (MLR) is a post-mortem written by the […]