
Federal Deposit
Insurance Corporation


Press Releases

FDIC's Supervisory Insights Reports How Banks can Effectively Handle Security Breaches Through Incident Response Programs

Other supervisory "hot topics" covered - best practices for identifying and controlling risk in commercial real estate (CRE) lending, how examiners identify and address unfair or deceptive acts or practices, and understanding Bank Secrecy Act violations.

January 3, 2007
Media Contact:
David Barr (202-898-6992)

How a financial institution can create an effective incident response program to mitigate a data security breach is reported in the FDIC's winter 2006 edition of Supervisory Insights, released today. Other topics covered in today's edition are: an update on CRE lending nationwide, with a look at best practices in CRE concentrations, particularly for identifying, monitoring and controlling risk in this lending area; the increasing number of unfair or deceptive acts or practices, and how examiners identify and address those violations; and highlights of recent USA PATRIOT Act changes and the types of Bank Secrecy Act (BSA)-related violations that examiners are citing.

"This edition of Supervisory Insights focuses on the need to protect consumer data now more than ever, particularly with the increasing sophistication of online fraud," said Sandra Thompson, Director of the FDIC's Division of Supervision and Consumer Protection.

"We also examine CRE lending nationwide in our regular feature 'From the Examiner's Desk.' Examiners have observed higher CRE concentrations, as well as the willingness of some institutions to gain market share at the expense of good underwriting and loan administration in this area. These findings support the banking agencies' recently issued CRE lending guidelines - the goal of which was not to decrease volume, but to ensure that these loans are prudently underwritten and well-managed.

"We are pleased to share our views about these topics and others of importance to bankers and the regulatory community in each edition of our Supervisory Insights journal," said Director Thompson.

Data compromises, security breaches and other Web-related crimes can damage the reputation and relationships of all types of businesses, including financial institutions. An incident response program can mitigate risk and assess the damage of these crimes. "Incident Response Programs: Don't Get Caught Without One" reports on how some institutions are protecting themselves, and the importance of incident response programs to a bank's overall information security program.

BSA violations can have serious implications for financial institutions. Several high-profile cases in which large civil-money penalties have been assessed for noncompliance with BSA highlight the importance of banks' efforts to ensure compliance with the Act. "Understanding BSA Violations" addresses recent USA PATRIOT Act changes and some best practices for banks' BSA compliance programs.

With an increasing number of unfair or deceptive acts or practices (Section 5 of the Federal Trade Commission Act), Supervisory Insights explains how the FDIC evaluates product offerings for compliance. "Chasing the Asterisk: A Field Guide to Caveats, Exceptions, Material Misrepresentations, and Other Unfair or Deceptive Acts or Practices" also discusses how increased competition and lower profit margins have placed some institutions in jeopardy of violating Section 5 when they expand their product lines.

Regular features in Supervisory Insights include "Capital and Accounting News," which examines "auditor independence" and what that means for insured financial institutions; and "Regulatory Roundup," which provides an overview of the most recently released supervisory guidance.

Supervisory Insights provides a forum for discussing how bank regulation and policy are put into practice in the field, sharing best practices, and communicating about the emerging issues that bank supervisors face. The journal is available online by visiting the FDIC's Web site at Suggestions for topics for future issues and requests for permission to reprint articles should be e-mailed to Requests for print copies should be e-mailed to


Congress created the Federal Deposit Insurance Corporation in 1933 to restore public confidence in the nation's banking system. The FDIC insures deposits at the nation's 8,743 banks and savings associations and it promotes the safety and soundness of these institutions by identifying, monitoring and addressing risks to which they are exposed. The FDIC receives no federal tax dollars - insured financial institutions fund its operations. FDIC press releases and other information are available on the Internet at, by subscription electronically (go to and may also be obtained through the FDIC's Public Information Center (877-275-3342 or 703-562-2200). PR-1-2007

Last Updated 01/03/2007
