Regulatory Reality:

oversight

1

October 22, 2012  2:09 PM

Are banks unfairly scrutinized?



Posted by: David Schneier
ACH, assess, assessment, assessments, Audit, auditor, audits, banking, banks, business, CISA, CISO, community bank, compliance, credit unions, CU, exam, examination, examinations, examiner, examiners, exams, FFIEC, financial institutions, general controls, GLBA, identify theft, identity theft, information security, information security office, Information Technology General Controls, internal audit, internal controls, ITGC, NPPI, observations, oversight, personally identifiable informaiton, PII, privacy, risk assess, risk assessment, risk assessments, risk management, risk-based, risks

A few years back when I first cut over to working somewhat exclusively with financial institutions I memorized an elevator speech that still somewhat defines who I am and what I do professionally.  Part of the speech pointed out that my firm helped "banks and credit unions meet regulatory...

September 21, 2012  3:44 PM

Are self-assessments the right way to go?



Posted by: David Schneier
assess, assessment, assessments, Audit, bank, banking, CISO, CISSP, compliance, compliance officer, compliant, credit union, credit unions, CU, disaster, disaster recovery, DR, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, framework, governance, GRC, guidance, information security, information security office, infrastructure, ISO, oversight, policy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, technology

About a decade ago a family member chastised me for having an auto repair shop do my oil changes for me.  She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...


July 29, 2012  6:39 PM

Credit Card Breaches: The times they need a changin’



Posted by: David Schneier
ATM, bank, banking, banks, breach, checking account, community bank, credit, credit card, cyber security, data security, evidence, financial institutions, hack, hacker, hackers, hacking, id theft, identity theft, information security, network, oversight, PCI, personally identifiable informaiton, PII, regulation, regulations, Security, security breach, theft

If my blogging about credit card breaches has a bit of a deja vu feel to it you're not crazy, I last touched on it less than six months ago.  Sadly I was handed a new update this week in the form of my bank card being cancelled from right out underneath me again.   For those of you keeping score...


July 21, 2012  8:25 PM

CFPB: Filling the regulatory void left by Sheila Bair



Posted by: David Schneier
Add new tag, assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable informaiton, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact.  She was a breath of fresh air in a line of work where everything is stale and always at least a little boring.  Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...


April 26, 2011  6:00 AM

Is compliance moving too fast?



Posted by: David Schneier
assessment, Audit, compliance, exam, examiner, exams, GLBA, governance, GRC, NCUA, oversight, regulations, regulatory, Regulatory Compliance, risk

I joined a new group last week on LinkedIn focusing on compliance within the banking space and during my first visit answered a forum question that started with "How do you manage the flow of compliance information"?  It was a relevant question and I was happy enough to offer my two cents (never a...


March 15, 2011  9:58 PM

Is your examiner a friend or foe?



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, exam, examiner, FDIC, GLBA, NCUA, OCC, oversight, regulations, regulatory, Regulatory Compliance

I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: