Incident Response Programs: Don't Get Caught Without One
The media has been filled with stories of data compromises and security breaches at all types of organizations. A security incident can damage corporate reputations, cause financial losses, and foster identity theft, and banks are increasingly becoming targets for attack because they hold valuable data that, when compromised, allow criminals to steal an individual's identity and drain financial accounts. To mitigate the effects of security breaches, organizations are finding it necessary to develop formal incident response programs (IRPs). This article highlights the importance of IRPs to a bank's information security program and provides information on required content and best practices banks may consider when developing effective response programs.
Chasing the Asterisk: A Field Guide to Caveats, Exceptions, Material Misrepresentations, and Other Unfair or Deceptive Acts or Practices
Although the vast majority of FDIC-supervised institutions adhere to a high level of professional conduct, the FDIC has seen an increase in violations of Section 5 of the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in or affecting commerce. The Act applies to all aspects of financial products and services, and this increase in violations may be the result of increased competition among financial institutions, along with a growing dependence on fee income, expansion into the subprime market, and the increase in the number of products with complex structures and pricing. This article outlines how examiners identify and address acts or practices that may violate the prohibition against unfair or deceptive acts or practices, and it provides information to help financial institutions assess their products and services and develop a plan to avoid violations of Section 5 of the FTC Act.
Understanding BSA Violations
While most insured financial institutions have an adequate system of BSA controls, high-profile cases in which large civil money penalties have been assessed for noncompliance with the BSA highlight the importance of banks' efforts to ensure compliance with the BSA and its implementing rules. Shortfalls in BSA controls can result in violations of the BSA and the implementing rules being cited in Reports of Examination. This article highlights recent USA PATRIOT Act changes, discusses the types of BSA-related violations cited in examination reports, and clarifies the difference between a significant BSA program breakdown and technical problems in financial institutions. The article also provides examples of best practices for maintaining strong BSA and Anti-Money Laundering compliance programs.
From the Examiner's Desk... Examiners Report on Commercial Real Estate Underwriting Practices
Banks are becoming increasingly reliant on commercial real estate (CRE) lending, and, in some markets, underwriting and administration of such loans have deteriorated in the effort to gain market share. This article provides an update on CRE lending nationwide by looking at examples of bank policies and practices in CRE concentrations and presenting best practices for identifying, monitoring, and controlling such risk.
Accounting News... Auditor Independence
When CPAs and their firms provide certain services that require them to be independent, such as audits of financial statements and audits of internal control over financial reporting, they are referred to as independent public accountants, independent auditors, or external auditors. But what does "independence" mean when external auditors provide these services? This article summarizes existing professional standards for auditor independence, including recent developments on tax services and contingent fees as well as the use of limitation of liability clauses in engagement letters.
Supervisory Insights is published by the Division of Supervision and Consumer Protection of the Federal Deposit Insurance Corporation to promote sound principles and best practices for bank supervision.
Sheila C. Bair
Sandra L. Thompson
Director, Division of Supervision and Consumer Protection
Journal Executive Board
George French, Deputy Director and Executive Editor
Christopher J. Spoth, Senior Deputy Director
John M. Lane, Deputy Director
Robert W. Mooney, Acting Deputy Director
William A. Stark, Deputy Director
John F. Carter, Regional Director
Doreen Eberley, Acting Regional Director
Stan R. Ivie, Regional Director
James D. LaPierre, Regional Director
Sylvia H. Plunkett, Regional Director
Mark S. Schmidt, Regional Director
Bobbie Jean Norris, Managing Editor
Christy C. Jacobs, Financial Writer
Eloy A. Villafranca, Financial Writer
Supervisory Insights is available online by visiting the FDIC's website at www.fdic.gov.
To provide comments or suggestions for future articles or to request permission to reprint individual articles, send an e-mail to firstname.lastname@example.org.
To request print copies, send an e-mail to email@example.com.
The views expressed in Supervisory Insights are those of the authors and do not necessarily reflect official positions of the Federal Deposit Insurance Corporation. In particular, articles should not be construed as definitive regulatory or supervisory guidance. Some of the information used in the preparation of this publication was obtained from publicly available sources that are considered reliable. However, the use of this information does not constitute an endorsement of its accuracy by the Federal Deposit Insurance Corporation.