Posted by: David Schneier
compliance, FDIC, GLBA, governance, GRC, HIPAA, PCI, Regulatory Compliance, risk, risk assessment, SOX
In the past, I’ve made sometimes flip and irreverent comments about the weekly FDIC announcements that land in my inbox regarding bank closings. Despite the mind-numbing number of institutions that have been closed over the past year or so and the somewhat extensive list of institutions I’ve done work for, I’ve somehow managed to avoid any direct connection to any that have been shut down. On Friday, that changed and I’m not happy about it.
I’m not sure if I can legally mention the institution’s name and so I won’t, but I wish I could. I wish I could because from working there just over two years ago, I know it was not an institution being mismanaged or poorly run. Quite to the contrary. I met with roughly half of the firm’s management team while conducting an information security risk assessment and what I recall is an institution that was well managed and took regulatory compliance seriously. The people responsible for the infrastructure were on top of things, smart and capable. As a matter of fact, I developed a new technique to frame risk-related information for them so that they could continue to use the information to guide their compliance activities after the engagement concluded. They didn’t want only a point-in-time assessment but also the ability to track related activities to ensure ongoing compliance. Does that sound like an institution that would be ripe for closure?
I don’t understand enough of what goes into the balance sheet to assess their overall management and business strategy. These are tough times and previously viable institutions are being caught in the still tightening grip of the real estate crisis all the time. But I’ve come across financial institutions that were not nearly as organized, where the people I interviewed didn’t present nearly as well. If I was asked to pick five banks I’ve work with that might be closed I’m not sure the one shut down Friday would have even crossed my mind.
Now that the banking crisis has a face (or two) I can associate with it, I’m pretty much certain I won’t have any clever quips to make when the next round of FDIC bank closing announcements lands in my inbox.