Hard to believe that November 1 is already upon us, bringing the onset of the Identity Theft Red Flags Rule compliance. We've been reading about and discussing it for so long that it almost seemed as though it would always remain six months away, but even a watched regulation eventually transitions into effect. ...
It's interesting how with everything going on in our industry this year, between the credit crisis, bank mergers, bank closings and emerging regulatory compliance requirements (and on and on and on), that we haven't had time to discuss much else. However, work continues out in the trenches, money is still moving into...
Like most of our readership I've been so caught up in the drama of our current economic crisis that I've thought of little else. But just the other day I participated in a management discussion in which I was asked what the practice has been hearing in the field. Are our clients consumed or distracted by what's...
In discussing our current banking crisis with a colleague earlier this week, I was surprised by the level of cynicism he displayed towards the regulatory agencies and their efforts to govern the institutions they oversee. He's a practitioner like me, and I'd always thought of him as being of an equal mind on such...
I was presenting at a credit union conference this week, where the session before mine covered current economic conditions. The timing was perfect in a macabre sort of way, as the 24 hours prior were filled with news about the Merrill Lynch rescue and Lehman Brothers collapse. As part of the Q&A phase, a prediction...
So, I'd started my weekly blog entry intending to discuss application security (I'm keenly interested in what the just-released BIS survey is going to reveal) when the following headline came across on my BIS RSS feed: "Social Engineering Hits Brit Bank Head, Victim of Fraud."
You'll have to forgive me for being so...
The OTS released their examination procedures this past week for the looming ID Theft Red Flags requirements due to go into effect in 75 days (not that I'm counting). In discussing this both with members of our management team and fellow practitioners, I'm finding that there's a decided split as to what the impact is...
I'm out in the field this week conducting a series of services for one of our clients. At the moment I'm heavily focused on completing a draft of a new vendor management program for them to implement. Although we have a standard methodology that's been used by the practice for several years, I've taken it upon myself...
During my formative years, I developed a tendency to spend considerable time trying to figure out ways to circumvent the myriad systems teenagers and young adults are confronted with. So much of what was expected of me just didn't make sense, and I didn't want to simply go-along-to-get-along. My father would often...
One of the tricks of my trade is to see the forest for the trees. Which is to say that with what our practice encounters during fieldwork, what we hear from the regulatory agencies and what we read/hear about in the news, we need to correlate and figure out what it all means. We then need to apply that toward the...
I no sooner finished my most recent post on Business Continuity Planning, and we (BIS) published the transcript of a podcast conducted with Roger Batsel (CISO Interviews: Roger Batsel, Republic Bank, on Business Continuity/Disaster Recovery), SVP, Managing Director of Information Systems at Republic Bank, Louisville,...
My recent post on Business Continuity Planning and its role in supporting institutions affected by the recent Midwest flooding generated more than its fair share of dialogue with my peers.
So much of what's required by regulation often presents itself as a documentation exercise and rarely transcends the...
Keeping abreast of what's going on in the regulatory compliance domain is something I need to do. It's sort of the life-blood of my career these days, as I spend most of my time either managing or executing audit and assessment activities predicated upon the various regs. Beyond wanting to be certain that my clients...
I started scoping out my next blog entry with PCI in mind (and how it will likely find its way into the community-bank/credit union space in a few years) and was blind-sided by one of my favorite nits to pick recently: the risks presented by poorly managed third-party vendor relationships.
With all due respect to the pugilist fan base still out there, the FDIC used a classic left-right combo this past week aimed squarely at the jaw of the third-party service provider community.
First Sheila C. Bair, the Chairman of the FDIC, touched on emerging guidance regarding third-party service providers in