Regulatory Reality:

NCUA


April 18, 2011  6:22 PM

Epsilon: Why vendor management is critical.



Posted by: David Schneier
Audit, bank, banking, compliance, FDIC, FFIEC, GLBA, NCUA, regulatory, Regulatory Compliance, requirements, risk, SAS 70, vendor, Vendor Management

A few years back we hired a local painting contractor to do some work around my house.  Upon completing his sales spiel he announced that he often relies upon subcontractors for the less skilled work and wanted to be upfront about that before we entered into any sort of deal with him.  Anyone he...

March 25, 2011  2:48 PM

A Hard Lesson Learned in Japan’s Disaster



Posted by: David Schneier
business continuity, business continuity plan, business continuity planning, disaster, disaster recovery, FFIEC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, Security

There will be no shortage of industry articles and analysis that will emerge from the horrific events in Japan over these past few weeks, that's for certain.  This is arguably the most significant event to hit a major regional economy since World War II and it's important to learn as many lessons...


March 15, 2011  9:58 PM

Is your examiner a friend or foe?



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, exam, examiner, FDIC, GLBA, NCUA, OCC, oversight, regulations, regulatory, Regulatory Compliance

I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one...


February 10, 2011  4:07 PM

Should banks and social networking coincide?



Posted by: David Schneier
bank, banks, credit union, credit unions, email, Facebook, FDIC, LinkedIn, NCUA, regulations, regulatory, Regulatory Compliance, social network, social networking, tweet, tweeting, Twitter, web

A few weeks back my wife asked me, as a favor, if I could join one of Facebook's community-based games because the more "neighbors" you have, the easier it is to succeed and so I did. Truthfully it was a rare moment of weakness for me because I tend to avoid those sort of things as if it were the...


January 29, 2011  1:34 AM

Regulatory compliance is not easy



Posted by: David Schneier
assessment, Audit, bcp, business continuity plan, disaster recovery, DR, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

Something happened within our practice this past week that made me recall a story from the very beginning of my audit and compliance career. Way back in 1998 when I was first transitioning from being an application developer/manager to a compliance/audit professional, my first long term engagement...


January 17, 2011  1:55 PM

Is the U.S. banking crisis over?



Posted by: David Schneier
bank closing, bank closings, banking, banking crisis, compliance, FDIC, FFIEC, foreclosure, GLBA, NCUA, regulatory, Regulatory Compliance

As my professional mind started winding down this evening in anticipation of the weekend, my thoughts started drifting towards yard work and time with the family. Then my Droid started chirping it's little sing-song of alerts as a round of emails hit my inbox and I was brought back to reality for a...


November 16, 2010  6:07 PM

What is the practical value of compliance policies?



Posted by: David Schneier
Audit, bcp, compliance, general controls, GLBA, NCUA, regulatory, Regulatory Compliance, risk, risk assessment, Security

My practice recently wrapped up an engagement in which we conducted a tabletop test of a client's business continuity plan.  As always with such exercises, it's interesting to find out how much distance exists between what's documented in an institution's policy/program and how business is...


November 2, 2010  2:33 PM

Risk management process demands vigilance



Posted by: David Schneier
assessment, Audit, controls, GLBA, NCUA, regulatory, Regulatory Compliance, risk assessment

I was in the midst of writing my weekly blog post focusing on threadbare thin compliance efforts when I was distracted by news of a potential terrorist incident.  As you likely know by now, it appears that Al-Qaeda was either attempting to send explosive devices onto airplanes or was conducting a...


October 11, 2010  3:56 PM

Vendor management program efforts still fall (way) short



Posted by: David Schneier
assess, examination, examiner, GLBA, NCUA, periodic review, regulations, regulatory, Regulatory Compliance, risk, risk rating, third party management, third party oversight, vendor, Vendor Management, vendor risk rating

Early last week I downloaded some fresh content covering vendor management.  It turned out that the new information wasn't really new, it's guidance that's been circulating in one form or another for years and tracks closely with guidance ripped from the pages of the Sante Fe Group/BITS Shared...


September 20, 2010  8:28 PM

Regulatory compliance management lacking common sense



Posted by: David Schneier
Audit, compliance, exam, examination, GLBA, HIPAA, NCUA, NERC, PCI, regulatory, Regulatory Compliance, risk, risk assessment, SOX

I stumbled upon an old nemesis of mine recently and the bad taste it left in my mouth continues to offend my senses. In an industry where there are standards that define how standards should be written and websites dedicated to dissecting each standard so that everyone can understand what the...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: