A Regulator’s Holiday Wish List for the Year Ahead

On the hunt for a perfect gift for your examiner and primary regulator? Look no further! We’ve been taking notes at industry conferences and meetings all year and know exactly what the federal regulatory agencies are hoping you’ll get them this year. On the wish list: Run your ideas past them before implementation. You talk

How to Control the Financial Risk of a Data Breach

How much does a data breach cost? Understanding the costs—and why some breaches cost more than others—can help your financial institution mitigate the financial risks of a data breach. A data breach costs $242 per lost record in the United States, according to the 2019 Cost of a Data Breach Report by IBM and Ponemon

The Difference Between Data Privacy and Security

Data privacy and security have been getting a lot of press as the industry looks ahead to when the California Consumer Privacy Act takes effect January 1. Financial institutions are well-prepared for this sweeping new law, which will give Californians—and by extension Americans—the right to know what personal data is being collected and sold and

When it Comes to Fintech, You’ve Got a Friend in Your Regulator

Most financial institutions have good relationships with their regulators—but many aren’t making the most of what the financial regulatory agencies have to offer when it comes to fintech strategy. Several of the agencies have introduced offices of innovation over the past few years to better understand the fintech landscape and work with banks to deal

FFIEC: Business Continuity Planning is Now Business Continuity Management

Fill in the blank. Business continuity ________. Did you answer “plan”? In the past, you’d have been right. But under new guidance issued by the Federal Financial Institutions Examination Council (FFIEC) this month (you can read it here), you’re going to want to adjust your business continuity mindset to a new reality. New FFIEC

What Does the OCC Look for in a CMS?

The Office of the Comptroller of the Currency (OCC) defines a compliance management system (CMS) as “the method by which a bank manages consumer compliance risk, supports compliance with consumer protection-related laws and regulations, and prevents consumer harm.” The Comptroller’s Handbook CC-CMS, published in June 2018, specifically addresses CMSs designed to manage consumer compliance risk.

What Does the Federal Reserve Look for in a CMS?

The Federal Reserve defines a compliance management system (CMS) as a credit union’s overall approach to managing compliance risk. Compliance risk is the potential for violating any of the laws and regulations that govern bank operations, including those related to federal consumer financial protection. From the Bank Secrecy Act to the SAFE Act, it seeks

Risk Management Aids Prep for Risk-Focused Exams

Risk management helps financial institutions anticipate and guard against all kinds of risks—everything from cyber threats to compliance mistakes to careless third-party vendors. But did you know it can also help prepare for exams? According to a recent American Bankers Association compliance survey, “Examiner review of a bank’s risk management system appears to reduce examination

Can You Adopt an Agile Approach to Compliance?

One of the buzzwords in business these days is “agile.” If you’re looking to learn more about what an agile approach is, and how it can be used in compliance, this post is for you. You’ve probably heard the word “agile” to describe a way of working. The “agile” approach is a common term in

A Risk Assessor Origin Story Courtesy of Stephen King’s IT

*** Warning: This blog contains spoilers for the horror movie IT (2017) and IT Chapter Two (2019). *** Movies are chock-full of superhero origin stories, but what about us regular risk management folks? Well, we finally have one thanks to horror movies IT and IT Chapter Two, released in 2017 and 2019 respectively. Based

Michael Berman at FDIC

What Does the FDIC Look for in a CMS?

The FDIC expects a bank’s board of directors and management to have a compliance management system (CMS) adapted to its business strategy to effectively manage compliance risk. It should be consistent with the size and complexity of its products, services, and markets. Compliance risk is the potential for violating any of the laws and regulations
