Compliance Guru • FFIEC Guidance
  • Ask the Guru
  • The Guru Speaks
  • About
  • Ask the Guru
  • The Guru Speaks
  • About
The Compliance Guru Pictogram

Are You Ready for the New BCM Handbook?

Take the Quiz

Moving Beyond the ACET: Next Steps

Get a Copy

Role of the Information Security Officer

Get a Copy

Do we have to complete the FFIEC's CAT?
By Holly Hooks  |  In Ask the Guru

Ask the Guru: “The Cybersecurity Assessment Tool… Do we have to?”

Hey Guru! Management is asking why we have to complete the FFIEC Cybersecurity Assessment Tool when it is voluntary. They feel it is too much work if it is not mandatory. I think it is still needed even though it is voluntary. Is there any documentation as to why it is still necessary for OCC […]

Read Post 1
By Tom Hinkel  |  In From the Field

Guru Briefs – OCC on Cybersecurity & MRA’s, FFIEC on Cybersecurity Assessments

(NOTE:  Guru Briefs are short takes on recently released regulatory activity. They are not a detailed analysis, but designed to draw attention to the Guru’s initial impressions.) In this edition: The OCC has been particularly active on the regulatory front lately, and even non-OCC institutions may want to pay attention, as the head of the OCC […]

Read Post 1
By Tom Hinkel  |  In Hot Topics

FDIC Re-issues Service Provider Guidance

Originally released in 2001, the FDIC recently re-issued 3 publications related to managing outsourced relationships: Effective Practices for Selecting a Service Provider Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements Techniques for Managing Multiple Service Providers What struck me about this re-release, and the fact that they were released without modification of any […]

Read Post 0
By Tom Hinkel  |  In Hot Topics

The OCC Sets a New Standard for Vendor Management…

…but will it become the new standard for institutions with other regulators?  UPDATE – The answer is yes, at least for the Federal Reserve.  Readers of this blog know that I’ve been predicting an increase in vendor management program scrutiny since early 2010.  And although the FFIEC has been very active in this area, issuing […]

Read Post 0
By Tom Hinkel  |  In From the Field

“Operational Risk Increasing”

In a recent speech to the Exchequer Club1, Thomas J. Curry, the new head of the OCC, stated that although asset quality has improved, charge-off rates have fallen, and capital now stands at its highest level in a decade, another type of risk is gaining increasing prominence; Operational Risk. “Some of our most seasoned supervisors, […]

Read Post 0
By Tom Hinkel  |  In From the Field

Material Loss Reviews: Does responsibility = liability?

I asked in my previous post whether or not the regulators should share any of the blame when institutions fail, and if so, should they shoulder any of the liability?  The thought occurred to me as I was reviewing some recent Material Loss Reviews. A Material Loss Review (MLR)  is a post-mortum written by the […]

Read Post 0
By Tom Hinkel  |  In Hot Topics

Dodd-Frank and agency consolidation

Although the specific requirements and burdens of the almost 250 regulations and more than 2000 pages in the Dodd-Frank Act are yet to…

Read Post 0
By Tom Hinkel  |  In Hot Topics

FDIC can now step in regardless of primary regulator (part 2)

Further to the previous post, the memorandum requires the FDIC opinion to prevail in the event that an institutions’ PFR (primary federal regulator) CAMELS rating differs from the FDIC: If the FDIC’s CAMELS ratings for an institution differ from a PFR’s assigned ratings, the FDIC is required to provide the PFR with an explanation of […]

Read Post 1
By Tom Hinkel  |  In Hot Topics

FDIC can now step in regardless of primary regulator (part 1)

According to a memorandum of understanding just signed by all the primary federal regulators (FDIC, OTS, OCC and Fed), the FDIC now has the authority to step in whenever they feel the DIF (deposit insurance fund) is in jeopardy. Although this is primarily targeted at larger (>$10b) institutions, it also applies to smaller (<$10b) institutions as well, and applies to ANY threat to the DIF, not just under-capitalization (i.e. any safety and soundness concerns)…

Read Post 1

Join Our Community

Browse Posts

  • Ask the Guru
  • Ask the ISO
  • From the Field
  • Hot Topics
  • Reading Between the Lines
  • Resources

Copyright ©2021 Compliance Guru®.
All Rights Reserved.

Powered by Safe Systems. Privacy Policy

Stay up to date with these pandemic resources for community banking.See COVID-19 Resources
+