• Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

    Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

    Hey Guru! Management is asking why we have to complete the FFIEC Cybersecurity Assessment Tool when it is voluntary. They feel it is too much work if it is not mandatory. I think it is still needed even though it is voluntary. Is there any documentation as to why it is still necessary for OCC […]

  • FDIC Updates IT Examination Procedures

    FDIC Updates IT Examination Procedures

    Starting immediately, all FDIC-examined institutions will be subjected to new IT examination procedures, the first major overhaul since December 2007.  The new format is dubbed the InTREx program (Information Technology Risk Examination), and is designed to be a bit simpler in the pre-examination phase.  In fact, the InTREx has only 26 questions vs. 59 for the 12/07 […]

  • FDIC Targets Board Responsibilities

    FDIC Targets Board Responsibilities

    “A topic is at times of such significant interest to bankers and examiners that it warrants a special issue…”  Whenever something from a regulatory body begins this way all bankers should take notice, and the latest Special Corporate Governance Edition from the FDIC is no exception.  In fact the Guru did a little research and the last time the FDIC released […]

  • FDIC Expands Criteria for 18 Month Exam Cycle

    FDIC Expands Criteria for 18 Month Exam Cycle

    The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the bankers life. The criteria is as follows: Must be less than $1 B in assets Must have a CAMELS composite rating […]

  • Cybersecurity – Part 2

    In Part 1 I discussed the increasing regulatory focus on cybersecurity, and what to expect in the short term.  In this post I want to dissect the individual elements of cybersecurity, and list what you’ll need to do to demonstrate compliance on each one going forward. So here are the required elements of a cybersecurity program, followed […]

  • Cybersecurity – Part 1

    Cybersecurity has gotten a lot of attention from regulators lately, and with assessments already underway it promises to be a regulatory focus for the foreseeable future.  But exactly what are they expecting from you, and how does that differ from what you may be doing already?  More importantly, how should you demonstrate that you are […]