Regulatory Reality:

vendor

1

December 19, 2012  1:51 PM

CFPB: Dodd-Frank at its best.



Posted by: David Schneier
bank, banking, banking crisis, banks, compliance, compliant, Dodd-Frank, economy, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, FRB, mortgage, regulation, regulations, regulations audit, regulatory, regulatory guidance, requirements, risk, SOX, third party management, third party oversight, too big too fail, vendor, Vendor Management, vendor risk, vendor risk assessment, vendor risk rating

The campaign season that ended with last month’s presidential elections generated more debate and rhetoric than any other in my lifetime.  As I'm an outspoken person who has never shied away from a good argument I routinely found myself engaged in exchanges with a remarkably broad range of...

July 21, 2012  8:25 PM

CFPB: Filling the regulatory void left by Sheila Bair



Posted by: David Schneier
Add new tag, assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable informaiton, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact.  She was a breath of fresh air in a line of work where everything is stale and always at least a little boring.  Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...


July 6, 2012  3:18 AM

Risk: The core issue behind regulatory requirements



Posted by: David Schneier
assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days.  Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...


November 18, 2011  12:22 PM

Why vendor management is a big GLBA deal.



Posted by: David Schneier
assessment, Audit, compliance, FDIC, Federal Reserve Bank, FRB, GLBA, NCUA, OCC, OTC, regulations, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management, vendor risk, vendor risk rating

I don't think I'm due to post about vendor management again at least until January 2012 (I try to limit topics to twice a year) but I've had something kicking around my head for a few days now and it needs a proper vetting. Does anyone know why vendor management is such a big issue for banking...


September 14, 2011  6:27 AM

A new twist on regulatory guidance.



Posted by: David Schneier
assessment, Audit, bcp, business, business continuity, business continuity planning, compliance, disaster recovery, DR, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management

One of the oddity's of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size.  Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...


April 18, 2011  6:22 PM

Epsilon: Why vendor management is critical.



Posted by: David Schneier
Audit, bank, banking, compliance, FDIC, FFIEC, GLBA, NCUA, regulatory, Regulatory Compliance, requirements, risk, SAS 70, vendor, Vendor Management

A few years back we hired a local painting contractor to do some work around my house.  Upon completing his sales spiel he announced that he often relies upon subcontractors for the less skilled work and wanted to be upfront about that before we entered into any sort of deal with him.  Anyone he...


October 11, 2010  3:56 PM

Vendor management program efforts still fall (way) short



Posted by: David Schneier
assess, examination, examiner, GLBA, NCUA, periodic review, regulations, regulatory, Regulatory Compliance, risk, risk rating, third party management, third party oversight, vendor, Vendor Management, vendor risk rating

Early last week I downloaded some fresh content covering vendor management.  It turned out that the new information wasn't really new, it's guidance that's been circulating in one form or another for years and tracks closely with guidance ripped from the pages of the Sante Fe Group/BITS Shared...


April 16, 2010  4:56 PM

Regulatory compliance is not optional



Posted by: David Schneier
Audit, bcp, business continuity planning, compliance, exam, examiner, FDIC, NCUA, Regulatory Compliance, vendor, Vendor Management

If I haven't already shared this with you, I'm a partner in a regulatory compliance advisory firm.  We offer services to the banking sector that pretty much cover the entirety of the information security spectrum.  And as you might imagine, there's a fair amount of sales and marketing that go...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: