Regulatory Reality: compliance


May 8, 2011  4:46 AM

Another data breach? What else is new?



Posted by: David Schneier
breach, compliance, data breach, FDIC, NCUA, regulations, regulatory, Regulatory Compliance

The other day I was watching my cat attempt to catch his own tail. Now I know that by itself it’s not unusual for cats or dogs to attempt such a feat but for this one in particular it was unusual as I’ve never seen him do it before. He’s a remarkably athletic animal and...

April 26, 2011  6:00 AM

Is compliance moving too fast?



Posted by: David Schneier
assessment, Audit, compliance, exam, examiner, exams, GLBA, governance, GRC, NCUA, oversight, regulations, regulatory, Regulatory Compliance, risk

I joined a new group last week on LinkedIn focusing on compliance within the banking space and during my first visit answered a forum question that started with "How do you manage the flow of compliance information?"  It was a relevant question and I was happy enough to offer my two cents (never a...


April 18, 2011  6:22 PM

Epsilon: Why vendor management is critical.



Posted by: David Schneier
Audit, bank, banking, compliance, FDIC, FFIEC, GLBA, NCUA, regulatory, Regulatory Compliance, requirements, risk, SAS 70, vendor, Vendor Management

A few years back we hired a local painting contractor to do some work around my house.  Upon completing his sales spiel he announced that he often relies upon subcontractors for the less skilled work and wanted to be upfront about that before we entered into any sort of deal with him.  Anyone he...


April 8, 2011  10:45 AM

GRC is about to see its future.



Posted by: David Schneier
Audit, compliance, GLBA, governance, GRC, HIPAA, PCI, regulations, regulatory, Regulatory Compliance, risk, SOX, UCF

After nearly a quarter century of working in and around the corporate IT domain I have a grand total of four bold predictions I've made that stand out.  Three of them I had nailed dead on and the fourth never panned out, a fact that confounds me still to this day. The...


March 15, 2011  9:58 PM

Is your examiner a friend or foe?



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, exam, examiner, FDIC, GLBA, NCUA, OCC, oversight, regulations, regulatory, Regulatory Compliance

I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one...


March 8, 2011  4:58 PM

Does GRC scale to size?



Posted by: David Schneier
assessment, Audit, bank, banking, compliance, credit union, CU, exam, examination, examiner, exams, governance, GRC, regulation, regulatory, Regulatory Compliance, risk, risk assessment

We were having an internal conversation this past week about governance, risk, and compliance (GRC) and I was asked about its role in the small and...



January 17, 2011  1:55 PM

Is the U.S. banking crisis over?



Posted by: David Schneier
bank closing, bank closings, banking, banking crisis, compliance, FDIC, FFIEC, foreclosure, GLBA, NCUA, regulatory, Regulatory Compliance

As my professional mind started winding down this evening in anticipation of the weekend, my thoughts started drifting towards yard work and time with the family. Then my Droid started chirping its little sing-song of alerts as a round of emails hit my inbox and I was brought back to reality for a...


November 29, 2010  3:19 PM

You can’t have partial regulatory compliance



Posted by: David Schneier
assessment, Audit, CISO, compliance, compliance officer, HIPAA, ISO, PII, regulatory, Regulatory Compliance

I recently decided to establish an automatic link between my personal checking account and a mutual fund account that was established for my son years ago when he was a baby.  The account was originally funded with a gift from a family member and while it's grown reasonably well percentage-wise,...


November 16, 2010  6:07 PM

What is the practical value of compliance policies?



Posted by: David Schneier
Audit, bcp, compliance, general controls, GLBA, NCUA, regulatory, Regulatory Compliance, risk, risk assessment, Security

My practice recently wrapped up an engagement in which we conducted a tabletop test of a client's business continuity plan.  As always with such exercises, it's interesting to find out how much distance exists between what's documented in an institution's policy/program and how business is...


October 1, 2010  7:41 PM

Hidden information security threats are still threats



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, FDIC, FFIEC, financial, financial institutions, personally identifiable information, regulations, regulatory, Regulatory Compliance, Security, PII

Growing up I was a huge fan of the sitcom "The Odd Couple."  Some of my favorite catch phrases have in some part been influenced by lines of dialogue that I memorized.  One in particular serves as the best pure definition for a phenomenon I encounter frequently enough in my audit/compliance...

