Tag: FDIC

18 Aug 2010

State regulators adopting FDIC pre-exam questionnaire… (Update)

…at least in Georgia.  The most recent Georgia State IT examinations are using a carbon copy of the FDIC 12/07 pre-examination IT questionnaire.  If your primary federal regulator is the FDIC, this makes filling out the State questionnaire much easier.  If not, however, you’ll want to familiarize yourself with the format.

There are 5 parts to the questionnaire:

  1. Risk Assessment
  2. Operations Security and Risk Management
  3. Audit/Independent Review Program
  4. Disaster Recovery and Business Continuity Management
  5. either…
    1. Vendor Management and Service Provider Management (newer version), or
    2. Gramm-Leach-Bliley Act/FDIC Rules and Regulations – 12 CFR Part 364 Appendix B (older version)

Also, we’ve definitely seen increased State examiner activity in general.  I’ve seen more State exam questionnaires this month than I’ve seen in the past 4 months.

UPDATE: Add the State of Maryland to this list, with Vendor Management as Part 5.

09 Aug 2010

FDIC can now step in regardless of primary regulator (part 2)

Further to the previous post, the memorandum requires the FDIC opinion to prevail in the event that an institution’s PFR (primary federal regulator) CAMELS rating differs from the FDIC’s:

If the FDIC’s CAMELS ratings for an institution differ from a PFR’s assigned ratings, the FDIC is required to provide the PFR with an explanation of the basis for the FDIC’s position. In the event of a disagreement, the matter must be referred to the FDIC Director of the Division of Supervision and Consumer Protection (Director), or other designee, and the appropriate supervision official of the PFR. Any decision by the FDIC to use an assigned rating different than the PFR’s rating must be made by the Director (or other designee), after consultation with the Chairman of the FDIC.

Again, the best advice is to adopt the FDIC interpretation of FFIEC regulations, regardless of your PFR.

13 Jul 2010

FDIC can now step in regardless of primary regulator (part 1)

According to a memorandum of understanding just signed by all the primary federal regulators (FDIC, OTS, OCC and Fed), the FDIC now has the authority to step in whenever it feels the DIF (deposit insurance fund) is in jeopardy. Although this is primarily targeted at larger (>$10b) institutions, it applies to smaller (<$10b) institutions as well, and it applies to ANY threat to the DIF, not just under-capitalization (i.e. any safety and soundness concern).

There are several potential implications for this, but I think the primary one is that since the opinion of the FDIC examiner will prevail, all other primary regulators will follow their lead when it comes to interpretation of FFIEC guidance. We all know that certain regulators (FDIC) are more stringent than others (OTS, OCC) when it comes to both the interpretation of federal guidance, and the way that is reflected in examination procedures.

Compliance officers would be well advised to be proactive by following FDIC examination procedures regardless of their primary regulator.

09 Jul 2010

DR/BCP Scrutiny – UPDATED

Auditors (and some FDIC examiners) are scrutinizing disaster recovery plans more closely, specifically looking to verify that the plan structure adheres to FFIEC guidance. We’ve definitely seen this regarding the Business Impact Analysis and the Risk Assessment, the first 2 phases specified by the guidance.

[Image: FFIEC DR Cycle]

UPDATE: At least one regulator (OTS) is demanding that all Recovery Time Objectives (RTOs) be based on a methodical analysis of the tolerance for downtime for each process, and NOT simply a subjective value.