Regulatory Reality:

Regulatory Compliance


July 8, 2011  3:16 AM

Cloud Computing – at what price?



Posted by: David Schneier
cloud, cloud computing, compliance, regulatory, Regulatory Compliance

Years ago while working on SOX in its early days the team I managed started getting just a little tired of hearing that very term.  It seemed that everything was "SOX-this" or "SOX-that" as everyone was trying to attach themselves to the massively intrusive new regulation and establish that they...

June 24, 2011  2:43 PM

Is new guidance really new or worth waiting for?



Posted by: David Schneier
cloud, compliance, compliant, FDIC, FFIEC, guidance, NCUA, PCI, regulatory, Regulatory Compliance, regulatory guidance

Oh how the times have changed.  Once upon a time I was part of a group of peers who waited for new album releases, camped out overnight for concert tickets and once even waited on line for the annual release of Strat-O-Matic's baseball set (perhaps the nerdiest thing I've ever done).  And all of...


June 15, 2011  4:52 PM

The trouble with ineffective controls



Posted by: David Schneier
assess, assessment, Audit, bank, banking, community bank, compliance, credit union, CU, data center, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, Security

I've been visiting with my mother who lives in a gated retirement community. In order for me to gain access to the development I need to pass through a security check point at the main gate. They ask me who I'm visiting, I provide my mother's name and either they find my name on the pre-approved...


June 3, 2011  3:18 PM

What does the “E” stand for in ERM?



Posted by: David Schneier
assess, assessment, Audit, compliance, enterprise risk, enterprise risk management, ERM, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, risk management

Last week while attending a banking conference I found myself in a conversation about Enterprise Risk Management (ERM).   I had made the comment that I was tired of constantly hearing different definitions of what the discipline is and how it should be applied.  It’s the...


May 20, 2011  3:29 AM

Does the banking industry understand what risk-based means?



Posted by: David Schneier
compliance, FFIEC, GLBA, regulation, regulations, regulatory, Regulatory Compliance, risk, risk assessment, risk-based

Years ago I added an addition to my first house. After my second child arrived, we had simply run out of room and decided it was easier to expand our current living space rather than trying to find a bigger one. Plans were drawn up, work scheduled and money deposited. Two days before the first...


May 8, 2011  4:46 AM

Another data breach? What else is new?



Posted by: David Schneier
breach, compliance, data breach, FDIC, NCUA, regulations, regulatory, Regulatory Compliance

The other day I was watching my cat attempt to catch his own tail. Now I know that by itself it’s not unusual for cats or dogs to attempt such a feat but for this one in particular it was unusual as I’ve never seen him do it before. He’s a remarkably athletic animal and...


April 26, 2011  6:00 AM

Is compliance moving too fast?



Posted by: David Schneier
assessment, Audit, compliance, exam, examiner, exams, GLBA, governance, GRC, NCUA, oversight, regulations, regulatory, Regulatory Compliance, risk

I joined a new group last week on LinkedIn focusing on compliance within the banking space and during my first visit answered a forum question that started with "How do you manage the flow of compliance information?"  It was a relevant question and I was happy enough to offer my two cents (never a...


April 18, 2011  6:22 PM

Epsilon: Why vendor management is critical.



Posted by: David Schneier
Audit, bank, banking, compliance, FDIC, FFIEC, GLBA, NCUA, regulatory, Regulatory Compliance, requirements, risk, SAS 70, vendor, Vendor Management

A few years back we hired a local painting contractor to do some work around my house.  Upon completing his sales spiel he announced that he often relies upon subcontractors for the less skilled work and wanted to be upfront about that before we entered into any sort of deal with him.  Anyone he...


April 8, 2011  10:45 AM

GRC is about to see its future.



Posted by: David Schneier
Audit, compliance, GLBA, governance, GRC, HIPAA, PCI, regulations, regulatory, Regulatory Compliance, risk, SOX, UCF

After nearly a quarter century of working in and around the corporate IT domain I have a grand total of four bold predictions I've made that stand out.  Three of them I had nailed dead on and the fourth never panned out, a fact that confounds me still to this day. The...


March 25, 2011  2:48 PM

A Hard Lesson Learned in Japan’s Disaster



Posted by: David Schneier
business continuity, business continuity plan, business continuity planning, disaster, disaster recovery, FFIEC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, Security

There will be no shortage of industry articles and analysis that will emerge from the horrific events in Japan over these past few weeks, that's for certain.  This is arguably the most significant event to hit a major regional economy since World War II and it's important to learn as many lessons...

