Compliance Guru • FFIEC Guidance


Most institutions should prepare for a much more thorough examination
By Tom Hinkel  |  In Hot Topics

FDIC Updates IT Examination Procedures

Starting immediately, all FDIC-examined institutions will be subjected to new IT examination procedures, the first major overhaul since December 2007.  The new format is dubbed the InTREx program (Information Technology Risk Examination), and is designed to be a bit simpler in the pre-examination phase.  In fact, the InTREx has only 26 questions vs. 59 for the 12/07 […]

More Time
By Tom Hinkel  |  In Hot Topics

FDIC Expands Criteria for 18 Month Exam Cycle

The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the banker's life. The criteria are as follows: Must be less than $1 B in assets; must have a CAMELS composite rating […]

By Tom Hinkel  |  In Ask the Guru, From the Field

Ask the Guru: Vendor vs. Service Provider

Hey Guru, I recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider.  His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them.  He suggested that we should be focused instead only on those few […]

By Tom Hinkel  |  In From the Field

FDIC Institutions still getting UIGEA (Reg GG) findings – UPDATE

Update 1 – 12/5/2011 to add examination procedures*.
Update 2 – 2/13/2012 to emphasize policy requirements.
Update 3 – 10/8/2012 to add specific courses of action.


By Tom Hinkel  |  In From the Field

5 “random” facts

Fact 1 – According to the U.S. Bureau of Labor Statistics, the increasing complexity of financial regulations will spur employment growth of financial examiners.  In fact, it is expected to experience the third largest growth of all career paths through 2018.
Fact 2 – According to Rep. Shelley Moore Capito (R-W.Va.), author of H.R. 3461, […]

By Tom Hinkel  |  In From the Field

CFPB Examinations Are Coming – UPDATE 2

Coming soon to your financial institution:

Dear Board of Directors:

Pursuant to the authority of the Dodd-Frank Wall Street Reform…

By Tom Hinkel  |  In From the Field

“Data-flow diagrams”

This request was seen in a recent State examiner's pre-examination questionnaire, and although I usually like to see a request a couple of times from different examiners before identifying it as a legitimate trend, this one could prove so potentially problematic that I thought I needed to get ahead of it. Before we go much […]

By Tom Hinkel  |  In From the Field

FDIC changing annual IT report to Board?

Based on recent examination findings, it would appear that the FDIC is changing what they expect to see in the annual information security report to the Board of Directors.  The requirement for the report is established in the FFIEC Information Security Handbook where it states that a written report to the board should describe the […]

By Tom Hinkel  |  In Hot Topics

2012 Compliance Trends, Part 5 – Uncertainty (UPDATE)

Similar to my previous post on Risk Assessments, I believe Uncertainty is also a 2-part trend:
  • Uncertainty about future regulatory changes, and
  • Uncertainty about the interpretation of existing regulations

By Tom Hinkel  |  In From the Field

Access Rights a frequent finding

In reviewing recent audit and examination findings, the issue of access rights and permissions is coming up with increasing regularity.  Making sure that end-users have no more access rights than absolutely necessary to do their job is one of the best information security controls.  According to the FFIEC, formal access rights administration for users consists […]

By Tom Hinkel  |  In From the Field

Material Loss Reviews: Does responsibility = liability?

I asked in my previous post whether or not the regulators should share any of the blame when institutions fail, and if so, should they shoulder any of the liability?  The thought occurred to me as I was reviewing some recent Material Loss Reviews. A Material Loss Review (MLR) is a post-mortem written by the […]

Copyright © Compliance Guru®.
All Rights Reserved.
