Regulatory Reality:

FFIEC


December 19, 2012  1:51 PM

CFPB: Dodd-Frank at its best.



Posted by: David Schneier
bank, banking, banking crisis, banks, compliance, compliant, Dodd-Frank, economy, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, FRB, mortgage, regulation, regulations, regulations audit, regulatory, regulatory guidance, requirements, risk, SOX, third party management, third party oversight, too big too fail, vendor, Vendor Management, vendor risk, vendor risk assessment, vendor risk rating

The campaign season that ended with last month’s presidential elections generated more debate and rhetoric than any other in my lifetime.  As I'm an outspoken person who has never shied away from a good argument I routinely found myself engaged in exchanges with a remarkably broad range of...

October 22, 2012  2:09 PM

Are banks unfairly scrutinized?



Posted by: David Schneier
ACH, assess, assessment, assessments, Audit, auditor, audits, banking, banks, business, CISA, CISO, community bank, compliance, credit unions, CU, exam, examination, examinations, examiner, examiners, exams, FFIEC, financial institutions, general controls, GLBA, identify theft, identity theft, information security, information security office, Information Technology General Controls, internal audit, internal controls, ITGC, NPPI, observations, oversight, personally identifiable informaiton, PII, privacy, risk assess, risk assessment, risk assessments, risk management, risk-based, risks

A few years back when I first cut over to working somewhat exclusively with financial institutions I memorized an elevator speech that still somewhat defines who I am and what I do professionally.  Part of the speech pointed out that my firm helped "banks and credit unions meet regulatory...


July 21, 2012  8:25 PM

CFPB: Filling the regulatory void left by Sheila Bair



Posted by: David Schneier
Add new tag, assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable informaiton, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact.  She was a breath of fresh air in a line of work where everything is stale and always at least a little boring.  Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...


July 6, 2012  3:18 AM

Risk: The core issue behind regulatory requirements



Posted by: David Schneier
assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days.  Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...


June 24, 2011  2:43 PM

Is new guidance really new or worth waiting for?



Posted by: David Schneier
cloud, compliance, compliant, FDIC, FFIEC, guidance, NCUA, PCI, regulatory, Regulatory Compliance, regulatory guidance

Oh how the times have changed.  Once upon a time I was part of a group of peers who waited for new album releases, camped out over night for concert tickets and once even waited on line for the annual release of Strat-O-Matic's baseball set (perhaps the nerdiest thing I've ever done).  And all of...


May 20, 2011  3:29 AM

Does the banking industry understand what risk-based means?



Posted by: David Schneier
compliance, FFIEC, GLBA, regulation, regulations, regulatory, Regulatory Compliance, risk, risk assessment, risk-based

Years ago I added an addition to my first house. After my second child arrived, we had simply run out of room and decided it was easier to expand our current living space rather than trying to find a bigger one. Plans were drawn up, work scheduled and money deposited. Two days before the first...


April 18, 2011  6:22 PM

Epsilon: Why vendor management is critical.



Posted by: David Schneier
Audit, bank, banking, compliance, FDIC, FFIEC, GLBA, NCUA, regulatory, Regulatory Compliance, requirements, risk, SAS 70, vendor, Vendor Management

A few years back we hired a local painting contractor to do some work around my house.  Upon completing his sales spiel he announced that he often relies upon subcontractors for the less skilled work and wanted to be upfront about that before we entered into any sort of deal with him.  Anyone he...


March 25, 2011  2:48 PM

A Hard Lesson Learned in Japan’s Disaster



Posted by: David Schneier
business continuity, business continuity plan, business continuity planning, disaster, disaster recovery, FFIEC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, Security

There will be no shortage of industry articles and analysis that will emerge from the horrific events in Japan over these past few weeks, that's for certain.  This is arguably the most significant event to hit a major regional economy since World War II and it's important to learn as many lessons...


January 17, 2011  1:55 PM

Is the U.S. banking crisis over?



Posted by: David Schneier
bank closing, bank closings, banking, banking crisis, compliance, FDIC, FFIEC, foreclosure, GLBA, NCUA, regulatory, Regulatory Compliance

As my professional mind started winding down this evening in anticipation of the weekend, my thoughts started drifting towards yard work and time with the family. Then my Droid started chirping it's little sing-song of alerts as a round of emails hit my inbox and I was brought back to reality for a...


January 8, 2011  5:41 PM

New year advice on developing a business continuity plan



Posted by: David Schneier
Audit, bcp, BIA, business continuity plan, business impact analysis, exam, examiners, FFIEC, GLBA, regulatory, Regulatory Compliance, risk, risk assessment

One of the first things I had to work on this week (and thus one of the first things to work on in the new year) was finalizing a report from last year. The report covered the results of a Business Continuity Plan desktop test and the client needed some clarifications around the results. I've...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: