Essential Elements of FFIEC Vendor Due Diligence
- Maximilian Wade
- 8 years ago
Overview of the Whitepaper

This CBIZ Credit Risk Advisory Group whitepaper was written for lenders, financial institutions, borrowers and other interested parties as a basic overview of the key elements of the FFIEC Examination Handbook on Outsourced Technology Services. It can also be applied to any other vendor or third party that a financial institution may use for services, processes, etc. It is not intended to advocate a position for or against the subject but will try to provide a general overview on the topic.

Who is the FFIEC?

The Federal Financial Institutions Examination Council (FFIEC) was established on March 10, The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB) and to make recommendations to promote uniformity in the supervision of financial institutions.

The FFIEC Council is responsible for developing uniform reporting systems for federally supervised financial institutions, their holding companies, and the nonfinancial institution subsidiaries of those institutions and holding companies. It conducts schools for examiners employed by the five federal member agencies represented on the Council and makes those schools available to employees of state agencies that supervise financial institutions.

What do we mean by Vendor Due Diligence?

For the purposes of this white paper we are talking about the overall process and components including selection, qualification, validation, review, monitoring and other related tasks for any third-party providers of products and services to financial institutions.
Do not mistake this for a narrow view or a subsection called Due Diligence within the Service Provider Selection section of the FFIEC IT Examination Handbook. We aim to take an all-inclusive view of the responsibilities, duties and requirements of a financial institution whenever they engage a third-party vendor.

Purpose of Vendor Due Diligence

Performing initial and ongoing vendor due diligence is a best practice for all industries, not just for financial institutions. Because the vitality and business continuity of financial institutions is crucial to the health and wealth of the economy, a special emphasis is placed upon this area by regulators. Whenever a bank, credit union or other financial institution doesn't perform a task, process or service and relies on another party it must validate that party and their ability to perform now and in the future. If it is for a crucial process or service then the effects of that vendor/partner not performing as expected could be catastrophic to the financial institution, its clients, counterparties, and others.

Although the FFIEC had policies on vendor due diligence for several years, the scope and importance of vendor due diligence became paramount after the global financial crisis of 2008 as many financial institutions, their counterparties and vendors were brought to the brink of extinction. As a result, whenever a financial institution does not perform or provide a product or service itself it must undergo a thorough vetting process across several dimensions.
Essential Elements: An Overview

The essential elements of a vendor due diligence program should contain the following items:

Comprehensive
o Your process should include all of the outside, third parties used by the organization.
o Your vendor due diligence program should have sufficient depth and breadth.
o It should be dynamic versus static and be able to evolve as necessary.

Accountability
o The board and top management are ultimately responsible for the vendor process.
o You have to Know Your Vendor just like you Know Your Customer.
o Regulators are frequently citing a lack of or inadequate vendor due diligence in exams.

Risk Management
o It is an essential fiduciary duty of the organization to mitigate risks in its supply chain.
o A risk assessment process should be done to prioritize and rank vendors into a spectrum of categories from key/crucial to ongoing operations to non-essential.
o The ability of the vendor to perform to expectations should be evaluated periodically.

Timely
o Information on your vendors should always be up to date and current.
o You should be proactive versus reactive to changes in a vendor's ability to perform.

Objectivity
o Important information on vendors should be verified and confirmed for accuracy.
o The choice and use of vendors should be clear to an independent third party reviewer.

Let's walk through each of these essential elements above to see why they need to be part of your vendor due diligence process.

The initial step in the process is to do a critical self-assessment to determine where your vendor due diligence currently stands. This should be driven by the board of directors and executive management with the feedback and involvement of the employees and staff that rely on these outsourced services. Consideration should also be given to the potential effects on your customers.
You then want to identify any gaps or missing elements, perform a prioritization of vendors into a spectrum from most essential to least essential, and create a roadmap from your current vendor due diligence process to your ideal vendor due diligence process. You need to define the ideal vendor due diligence process to be able to compare and contrast where you are now and what your best possible evolved state would be. Only then will the gaps and shortcomings become apparent and the roadmap to your ideal version become clearly visible.
Comprehensive

You should endeavor to perform both initial and ongoing due diligence on all of the vendors you utilize. While this may be a difficult and daunting objective when you have hundreds or thousands of vendors, your review should have 100% coverage.

Another aspect of a comprehensive vendor due diligence process is the various dimensions, data or aspects it is capturing. What are you confirming and validating? Is it enough to make a good decision on the ability of the vendor to perform as needed? What gaps or deficiencies are there in your vendor due diligence program?

The initial and periodic assessments of your vendor due diligence system will allow you to determine what parts are working and what elements are missing. Which important elements or changes should be implemented immediately and which can be deferred or delayed? How does your system or process compare to your peer group? Is your vendor due diligence system and process deficient and inadequate according to your regulator?

This also leads to whether your vendor due diligence program is static or dynamic. Is your vendor program rigid and inflexible? Is it reviewed once a year or less frequently? Is your vendor program proactive and able to adapt to change and the environment or is it always out-of-step and reactive?

To be considered comprehensive your vendor due diligence should have both depth and breadth of information. In addition to the quantitative it should have qualitative aspects as well. You must be able to make decisions and interpretations on the data that you have and not just view this as a function of data collection and warehousing.

Accountability

At the end of the day, the financial institution is ultimately responsible for its vendors and any third parties it uses. In addition to the Know Your Customer or KYC requirements that we are all familiar with, this concept should also be applied to Know Your Vendor or KYV.
For instance, vendors may be entrusted with private and personal information on your customers that if not properly safeguarded could be used for criminal activities. You could be exposing your institution not only to financial liabilities but severe reputational risks as a result of your negligence. Telling a customer, regulator or other stakeholder that a failure or problem isn't the fault of your organization because that was the responsibility of a vendor is not a valid excuse or acceptable transfer of accountability.

Financial institutions need to have the involvement and engagement of the board of directors, executive management team and the functional or operational staff that engage and utilize the vendors and third parties. Policies and procedures for vendors need to be reviewed by the board and executive management and revised as necessary. The functional and operational staff needs to be aware of the guidelines of working with and evaluating vendors. The various responsibilities of managing the vendor due diligence within your organization should be driven by your policies and procedures and then carried out by the appropriate individuals or departments based upon their role or function.
Risk Management

The reason financial institutions are required to evaluate their vendors is to mitigate the myriad risks of entrusting responsibilities for functions, processes and services to third parties that are beyond the reach of the financial regulators. The inability of a vendor to perform as expected or agreed can have significant negative consequences for your financial institution. Performing appropriate vendor due diligence allows you to better understand the probability of failure of a vendor, for whatever reason, and have contingency plans for most scenarios even if they are unlikely to occur.

One of the initial steps to perform in your vendor due diligence is an overall risk assessment and prioritization. This can be done by sorting the vendors by the annual costs, tiers of minimum annual spend levels, if they perform an essential or non-essential function, or if they are a sole provider of a service or function without a backup internally or externally. The ideal method of vendor risk assessment would evaluate and incorporate all of these aspects.

By going through the process of vendor risk assessment the financial institution will now be able to categorize and prioritize their vendors. Post-assessment you should be able to easily identify your key/critical vendors, non-essential vendors, and everyone in between, as well as better understand your risks by vendor. Knowing this ranking of vendors will help to better define your due diligence requirements for vendors based upon what they do and your degree/level of reliance on them, and also let you make any necessary adjustments to your policies and procedures.

Timely

Another often neglected aspect of vendor due diligence is the timeliness of information and data. An annual or even longer cycle of information updates on your vendors is a common deficiency of most vendor due diligence programs.
Key vendors for crucial daily processes and functions may only be reviewed once a year. A vendor with financial difficulties or other issues that may affect its ability to perform as expected will likely not disclose such information until it absolutely has to, as it almost guarantees some or all of its customers switching to their competitors and accelerating their demise. Having stale information limits your effectiveness in making a good decision today. You also want to have timely data and information to be proactive and not reactive in your decision making process.

Objectivity

Your vendor due diligence process and program should be able to withstand the scrutiny and review of a third party such as regulators, customers, or any other stakeholders. The assessment, evaluation, prioritization and choice of vendors should make sense to anyone if they were to review your vendor program. By what standards and criteria are you evaluating your vendors? While price should be a consideration, value is more important as well as mitigation of risks.

Would an objective third party agree with your internal assessment and process for vendors? Would they assign the same risk judgment? Have you mostly focused on vendor cost when there is much more at stake and at risk? Have you confirmed the vendor data for accuracy and validity? Do you have all the quantitative information and data necessary to make the appropriate decision about using this vendor?
Conclusion

Your vendor due diligence process is no longer something that you can ignore, defer, or disregard. Your customers, shareholders, regulators, community and all other stakeholders of your organization are relying on you to perform your fiduciary duty, mitigate risks, and be a safe and sound financial institution that they can trust and depend upon.

Whenever a product, service or process is performed by a vendor or third party you must make sure that you have subjected them to an appropriate vendor due diligence process that incorporates the essential elements of the FFIEC guidelines to ensure that they will perform as expected and will not subject your institution to any unnecessary risks or peril.

The benefits of a dynamic and robust vendor due diligence process will bring increased efficiencies, reduction of multiple risks, and greater business resiliency. While your initial goal for your vendor due diligence process should be to meet the FFIEC guidelines, your long-term goal should be to exceed the guidelines and make this a strategic and competitive advantage for your organization.

References and Resources

FFIEC Website:
FFIEC InfoBase:
FFIEC Booklet, Outsourcing Technology Services, June 2004
FFIEC Booklet, Operations, July 2004
FFIEC Booklet, Business Continuity Planning, March 2008
FFIEC Booklet, Supervision of Technology Service Providers, October 2012
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationNavigating Vendor Management Issues in Today s Regulatory Environment
Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational
More informationWhite paper: Nine Simple Steps to Vendor Management
White paper: Nine Simple Steps to Vendor Management March 2014 White Paper: Nine Simple Steps to Vendor Management Using a third-party vendor naturally subjects an institution to risks outside its control.
More informationTABLE OF CONTENTS INTERAGENCY ADVISORY ON ACCOUNTING AND REPORTING FOR COMMITMENTS TO ORIGINATE AND SELL MORTGAGE LOANS
TABLE OF CONTENTS INTERAGENCY ADVISORY ON ACCOUNTING AND REPORTING FOR COMMITMENTS TO ORIGINATE AND SELL MORTGAGE LOANS Executive Summary 1 Background 2 Definitions 2 Derivative Loan Commitment 2 Forward
More informationRemarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago
More informationThank you for taking the time to send me a letter regarding your concerns about Secure Settlements, Inc.
VIA UPS OVERNIGHT SERVICE Escrow Institute of California PO Box 1069 Carlsbad CA 92018-1069 Dear Ms. Stidham, Thank you for taking the time to send me a letter regarding your concerns about Secure Settlements,
More informationRemarks by. Thomas J. Curry Comptroller of the Currency. At the. Bank Information Technology Training Conference. Atlanta.
Remarks by Thomas J. Curry Comptroller of the Currency At the Bank Information Technology Training Conference Atlanta October 2, 2012 Good morning everyone. Thank you, Carolyn, for your gracious introduction,
More informationMember Business Loans; Commercial Lending Comments on Proposed Rulemaking for Part 723
August 31, 2015 Mr. Gerard S. Poliquin Secretary of the Board National Credit Union Administration 1775 Duke Street Alexandria, VA 22314-3428 Re: Member Business Loans; Commercial Lending Comments on Proposed
More informationCharles Schwab Bank. 2015 Annual Dodd-Frank Act Stress Test Disclosure
Charles Schwab Bank 2015 Annual Dodd-Frank Act Stress Test Disclosure June 2015 I. Dodd-Frank Act Stress Test Results A. About Charles Schwab Bank Charles Schwab Bank (the Bank) is a wholly-owned subsidiary
More informationCapital Projects and Construction: Building in Risk Management and Project Controls
Capital Projects and Construction: Building in Risk Management and Project Controls Making Every Dollar Count The global economic crisis sparked by the subprime mortgage debacle, the collapse of the securitized
More informationRisk Management Programme Guidelines
Risk Management Programme Guidelines Submissions are invited on these draft Reserve Bank risk management programme guidelines for non-bank deposit takers. Submissions should be made by 29 June 2009 and
More informationCFPB Consumer Laws and Regulations
Secure and Fair Enforcement for Mortgage Licensing Act 1 The Secure and Fair Enforcement for Mortgage Licensing Act of 2008 2 () was enacted on July 30, 2008, and mandates a nationwide licensing and registration
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL OFFICE OF FOREIGN ASSET CONTROL COMPLIANCE REVIEW Report #OIG-06-09 December 18, 2006 William A. DeSarno Inspector General Released By:
More informationServicing Issues Update
September 2014 Servicing Issues Update Regulatory Developments 1. Future Rulemaking. CFPB has indicated that it is reviewing its mortgage servicing regulations and may issue additional amendments and clarifications.
More informationNew CFPB mortgage servicing rules present significant challenges for mortgage servicers
New CFPB mortgage servicing rules present significant challenges for mortgage servicers Prepared by: Jose Vivar, Director, McGladrey LLP 312-634-4394, jose.vivar@mcgladrey.com Michael Sher, Partner, McGladrey
More informationBeyond BOM 101: Next Generation Bill of Materials Management whitepaper
An Arena Solutions whitepaper www.arenasolutions.com whitepaper Summary In the world of product development and manufacturing, the bill of materials (BOM) is a critical product information record for both
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationFive Simple Steps to CRM Selection
Lasso CRM Whitepaper 1. Determine your requirements 2. Generate buy in from stakeholders 3. Decide between on demand or on premise software 4. Select vendor carefully 5. Integrate wisely How do you decide
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...
More informationPrivacy of Consumer Financial Information
Background and Overview Introduction Title V, Subtitle A of the Gramm-Leach-Bliley Act ( GLBA ) 1 governs the treatment of nonpublic personal information about consumers by financial institutions. Section
More informationRE: Proposed Minimum Requirements for Appraisal Management Companies (AMCs)
June 9, 2014 Legislative and Regulatory Activities Division Office of the Comptroller of the Currency 400 7 th Street, SW, Suite 3E 218, Mail Stop 9W 11 Washington, DC 20219 Docket ID OCC 2014 0002 Robert
More informationIIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL
IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL JANUARY 2013 TABLE OF CONTENTS Introduction... 1 Before the Three Lines: Risk Management Oversight and Strategy-Setting...
More informationReport on Internal Control
Annex to letter from the General Secretary of the Autorité de contrôle prudentiel to the Director General of the French Association of Credit Institutions and Investment Firms Report on Internal Control
More informationTO CREDIT UNIONS DATE:, May 12, 1998
NATIONAL CREDIT UNION ADMINISTRATION NATIONAL CREDIT UNION SHARE INSURANCE FUND LETTER LETTER NO.: 98-CU-10 TO CREDIT UNIONS DATE:, May 12, 1998 TO: SUBJECT: FEDERALLY INSURED CREDIT UNIONS Testing for
More informationINTERAGENCY GUIDANCE ON THE ADVANCED MEASUREMENT APPROACHES FOR OPERATIONAL RISK. Date: June 3, 2011
Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation Office of the Comptroller of the Currency Office of Thrift Supervision INTERAGENCY GUIDANCE ON THE ADVANCED MEASUREMENT
More informationThe 5 Questions You Need to Ask Before Selecting a Business Intelligence Vendor. www.halobi.com. Share With Us!
The 5 Questions You Need to Ask Before Selecting a Business Intelligence Vendor www.halobi.com Share With Us! Overview Over the last decade, Business Intelligence (BI) has been at or near the top of the
More information14 TRUTHS: How To Prepare For, Select, Implement And Optimize Your ERP Solution
2015 ERP GUIDE 14 TRUTHS: How To Prepare For, Select, Implement And Optimize Your ERP Solution Some ERP implementations can be described as transformational, company-changing events. Others are big disappointments
More informationSupporting Effective Compliance Programs
October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,
More informationThree Cost-Effective Ways to Improve Your Business Continuity Planning and Protect Your Firm
Three Cost-Effective Ways to Improve Your Business Continuity Planning and Protect Your Firm In the past few years, business disruptions have brought the financial industry under greater scrutiny. Superstorm
More informationThere are a number of reasons why more and more organizations
Christopher G. Nickell and Charles Denyer Statement on Auditing Standard No. 70 (SAS 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants
More informationBuilding a strong business continuity plan
Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.
More informationEnterprise-Wide Risk Assessment
Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,
More information