Due Diligence 101: Are On-Site Visits Required?
Let’s start with guidance on the subject. There is very little guidance requiring on-site due diligence. It’s peppered with words like “may” or...
Creating Value with A Culture of Risk Management
Many bankers think the concept of a “risk management culture” is thought exercise. It’s the kind of psychobabble that takes up time that could be dedicate
GAO Grades Regulatory Agencies on Risk Management Supervision
The board will consider whether there are specific factors Federal Reserve staff should consider when escalating supervisory concerns.
Wishing for More Regulatory Tailoring? You’ll Love Risk Management
In a world where bankers feel overwhelmed and disadvantaged by a seemingly one-size-fits-all regulatory environment, there remains one place where a fina
Brokered Deposits & Vendor Management
As the industry pushes for more flexibility to make it easier to work with deposit brokers, bankers can help make their case with strong vendor management.
We Listen So You Don’t Have To: FDIC’s Crisis & Response Podcast
What went down during the financial and banking crises, and what did the FDIC learn from it? The FDIC has released a 7-part podcast.
Do Small Institutions Need Risk Management?
Risk management isn’t just for large institutions. The case can be made that it’s even more important for smaller FIs to address risk management.
Embezzlement in La La Land: How a TV Studio Credit Union CEO Stole $40 Million Over 20 Years
Would you believe a story where the villain steals over $40 million from a FI that only had $21 million in assets? The truth is stranger than fiction.
Game of Thrones: Risk Assessing The Iron Bank
Game of Thrones has returned for its final season! In honor of the ending of this series, let’s identify the biggest risks facing The Iron Bank of Braavos.
Are You Making This Common Vendor Management Mistake Observed by the FDIC?
FIs aren’t doing enough to ensure their contracts with third-party vendors sufficiently address business continuity and incident response.
3 Tips for Avoiding an Equifax-Style Breach
When one of the nation’s largest credit reporting companies reports a breach involving the private financial data of over 145 million Americans, people
Why Vendor Cyber Monitoring Matters
No matter how strong a financial institution’s own cyber defenses are, it’s really only as strong as its weakest vendor.
Risk Management: Knowing When It’s Time to Start Again
How can you tell if a risk management program needs to be totally reinvented? The benefits of a complete overhaul can often outweigh the inconvenience.
How to Discover Vendor Cybersecurity Flaws Before Data Thieves Exploit Them
How do you know if a cybersecurity rating is covering all the bases? Make sure it monitors these key areas...
GAO & OCC Disagree Over Risk Management
Have you felt like an examiner, auditor, or other reviewer just didn’t get you, your bank, or a program/business line? The OCC can relate.
3 Tips for Avoiding UDAAP Violations
If you've ever wondered how to avoid unfair, deceptive, or abusive acts or practices, this post is for you! You'll see three great tips to help you...
Is the Absence of Risk Stunting the Next Generation of Risk Managers?
If we don’t give children the opportunity to encounter reasonable, relatively low-stakes risk, how will they be prepared for risk at the enterprise level?
UDAAP Compliance: Defining Unfair, Deceptive, & Abusive Acts and Practices
Get clear definitions for each of the key terms involved in UDAAP compliance, including how to define unfair, deceptive, and abusive acts and practices!
Celebrating Abraham Lincoln's Banking Legacy: A Podcast
In honor of Abraham Lincoln's birthday and President's Day, enjoy this podcast from ABA Banking Journal celebrating Lincoln's banking impact...
Training Risk Management Heroes, Part 1: Banking on the Frontline
Frontline staff at FIs are trained to protect both the institution and its customers by identifying fishy transactions, but staff are capable of going
The Bad Guys Keep Getting Smarter. Let’s Hope Financial Institutions and Vendors Can Keep Pace.
Cyber criminals are growing increasingly clever.Just consider what happened to Tampa Bay Credit Union recently...
Fintech Update: Agencies Encourage Increased Regulator Oversight of Third Parties, but Will Anything Happen?
Increased risk exposure from third-party providers poses threats to the entire financial system, and banking regulatory agencies should have the ability
Third-Party Management of Cloud Computing
While 'the cloud' may seem mysterious to the layperson, there shouldn’t be anything secretive about your third-party vendors’ cloud use. If your vendor
2019 Risk Outlook: Concentration Risk
Concentration risk is most commonly associated with lending. Looking ahead, the New York Fed is warning of a different kind of concentration risk
Is Apple Pay a Vendor?
Apple Pay is not a direct vendor. This raises an interesting question. Should financial institutions (FI) using Apple Pay have to review Apple as a vendor?
NCUA Eyes Economic Environment, Change Management & Third-Party Risk With 2019 Supervisory Priorities
The NCUA has made adjustments to its Supervisory Priorities for 2019 - emphasizing controlling risks, including a new focus on third-party risk management.
The Top 8 Internal Cybersecurity Vulnerabilities Challenging Financial Institutions
Internal vulnerabilities are the aspects of cybersecurity that your institution has direct control over. The eight most significant internal vulnerabilitie
How the Government Shutdown is Affecting Regulatory Agencies
The partial government shutdown has furloughed workers at the national parks, the Smithsonian museums, the IRS, courts, and other federal institutions, but
Your Vendor Talks Risk Management Talk, but Does It Walk the Walk?
The words “manage, mitigate, and reduce risk” from a third-party vendor are music to the ears of a risk manager. Unfortunately, talk is cheap—and legal
Inside the Life of an Information Security Officer
What’s it like to be the information security officer at a $1.5 billion-asset community bank? We chatted with one to learn more about the challenges ISO