Regulatory Reality:

NCUA


October 30, 2012  3:09 PM

Hurricane Sandy: An epic storm and the ultimate DR test



Posted by: David Schneier
Audit, audits, backup, bank, bank closing, bank closings, banking, banks, BIA, business, business continuity, business continuity plan, business impact analysis, community bank, disaster recovery, DR, examiners, internal audit, internal controls, ITGC, NCUA, pandemic, Pandemic Planning, policy, procedure, risk assess, risk assessment, risk assessments, risk management, risks

I've written similar posts in that past where I start off by apologizing for appearing opportunistic when leveraging a significant news event to generate site content.  However when considering roughly one-third of all my clients are dealing with Hurricane Sandy this represents a rare chance to...

July 21, 2012  8:25 PM

CFPB: Filling the regulatory void left by Sheila Bair



Posted by: David Schneier
Add new tag, assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable informaiton, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact.  She was a breath of fresh air in a line of work where everything is stale and always at least a little boring.  Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...


July 6, 2012  3:18 AM

Risk: The core issue behind regulatory requirements



Posted by: David Schneier
assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days.  Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...


April 29, 2012  7:43 PM

Internal Audit: Whose side are they on anyway?



Posted by: David Schneier
assessment, assessments, Audit, compliance, control, control owners, controls, findings, GLBA, internal audit, NCUA, regulations, regulatory, Regulatory Compliance, risk, risk assessments, risks

My first encounter with an auditor was back in the mid-90's while working as an application project manager for a Fortune 100 company.  The group responsible for change management was going through an audit of their process and one of the changes that was selected for review happened to belong to...


February 16, 2012  5:49 PM

BITS Shared Assessment – No Free Lunch.



Posted by: David Schneier
BITS, COBIT, compliance, GLBA, ISACA, ITGI, NCUA, regulatory, Regulatory Compliance, Shared Assessement, SIG, Vendor Management, vendor risk, vendor risk assessment

On Monday the BITS Shared Assessment was free, on Tuesday it cost $5,000 per year (at a minimum). My first thought was that it was just like what drug dealers do - they give you free product until you're hopelessly addicted and then start making you pay to feed that addiction.  My second...


February 3, 2012  5:58 PM

Governance, risk and compliance – related but not the same.



Posted by: David Schneier
Audit, auditor, compliance, controls, exam, examiner, FFICE, GLBA, governance, GRC, internal controls, NCUA, regulations, regulatory, Regulatory Compliance, risk

I was sitting in a meeting this week listening to a group of very bright people talking about an initiative centered on installing a software solution and I realized something rather disturbing; somewhere along the way in our industry governance, risk and compliance has started melting together and...


January 8, 2012  9:27 PM

Maintaining compliance is often the Missing Link.



Posted by: David Schneier
assess, assessment, Audit, compliance, exam, examination, examiner, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, risk, risk assess, risk assessment

I've been in the solutions selling business on and off for about a decade but exclusively so over these past four years.  Up until becoming a partner in my current practice I pretty much was always only involved in helping sell the solution and usually implementing it before moving on.  Seldom...


November 18, 2011  12:22 PM

Why vendor management is a big GLBA deal.



Posted by: David Schneier
assessment, Audit, compliance, FDIC, Federal Reserve Bank, FRB, GLBA, NCUA, OCC, OTC, regulations, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management, vendor risk, vendor risk rating

I don't think I'm due to post about vendor management again at least until January 2012 (I try to limit topics to twice a year) but I've had something kicking around my head for a few days now and it needs a proper vetting. Does anyone know why vendor management is such a big issue for banking...


November 11, 2011  7:41 PM

Vishing, Smishing and Phishing: No end in sight.



Posted by: David Schneier
assessment, Audit, compliance, GLBA, hack, hacker, NCUA, phish, phishing, red flags, red flags identity theft, regulatory, Regulatory Compliance, scam, smish, smishing, vish, vishing

This is something akin to my annual public service announcement (PSA) for anyone who has cash-on-hand, a bank account, an investment account or perhaps even a piggy bank:  As long as you have money there's someone out there right now scheming to try and take it away from you. I'm having that...


October 26, 2011  8:36 PM

Who examines the examiners?



Posted by: David Schneier
assessment, bcp, business continuity plan, GLBA, NCUA, NCUA Part 748, regulations audit, regulatory, Regulatory Compliance, risk, risk assessment, Vendor Management

I remember conducting a risk assessment a few years back for a credit union in which they were missing just about every artifact necessary to prove compliance with NCUA Part 748 (if you're not already aware, thats GLBA for credit unions).  It was, for lack of a better term, a...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: