www.e-businessmanagement.com 2004 © Dr. John T. Whiting All Rights Reserved. Achieving Compliance with GLBA & Other Laws and Regulations Impacting on Financial Institutions

Presentation transcript:

Slide 1: Achieving Compliance with GLBA & Other Laws and Regulations Impacting on Financial Institutions. A Check List and Strategy for Financial Institution Senior Managers & Boards of Directors

Slide 2: Federal Law and Regulation

Slide 3: Achieving Compliance is a Challenging Task...

Slide 4: Laws & Regulations Governing Financial Institutions

Laws:
- 12 USC 146 (d): Home Owners' Loan Act
- 12 USC 1867 (c): Bank Service Company Act
- 12 USC 1882: Bank Protection Act
- 15 USC 6801 and 6805 (b): Gramm-Leach-Bliley Act

Federal Reserve Board:
- 12 CFR Part 208, Appendix D-2: Interagency Guidelines Establishing Standards for Safeguarding Customer Information
- 12 CFR Parts and (i): Protection of customer information
- 12 CFR Part 225, Appendix F: Interagency Guidelines Establishing Standards for Safeguarding Customer Information

Federal Deposit Insurance Corporation:
- 12 CFR Part 364, Appendix A: Interagency Guidelines Establishing Standards for Safety and Soundness
- 12 CFR Part 364, Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information

National Credit Union Administration:
- 12 CFR Part 721: Federal Credit Union Incidental Powers Activities
- 12 CFR Part 748: Security Program, Report of Crime and Catastrophic Act, Bank Secrecy Act Compliance, and Appendix A: Guidelines for Safeguarding Member Information
- 12 CFR Part 716: Privacy of Consumer Financial Information
- 12 CFR Part 741: Requirements for Insurance
- 12 CFR Part 740: Advertising

Office of the Comptroller of the Currency:
- 12 CFR Part 30, Appendix A: [Interagency] Guidelines Establishing Standards for Safety and Soundness
- 12 CFR Part 30, Appendix B: [Interagency] Guidelines Establishing Standards for Safeguarding Customer Information

Office of Thrift Supervision:
- 12 CFR Part 570, Appendix A: Interagency Guidelines Establishing Standards for Safety and Soundness
- 12 CFR Part 570, Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information

Slide 5: Policy Change. Escalating IT Management to the Strategic Business Level

From: IT regarded as a tactical asset and managed at the tactical/technical level by IT Managers.

To: IT integrated into the strategic business plan and managed by the CEO and the Financial Institution's Board of Directors.

Slide 6: Financial Institution Laws and Regulations Compliance Check List

- Is the Financial Institution (FI) fully aware of the Laws and Regulations that must be complied with?
- Does the FI have a policy defining the process for achieving compliance with laws and regulations?
- Does the FI have a process to determine the institution's status and vulnerability regarding compliance with laws and regulations?
- Has the FI conducted a full enterprise audit of the institution's compliance status?
- Has the FI collected valid audit data and analyzed these data to measure the discrepancy between compliance requirements and the institution's status?
- Has the FI adopted a Laws & Regulations Compliance Plan (LRCP) to guide the compliance effort, define projects and budget resources to achieve compliance?
- Has the LRCP been integrated into the FI strategic plan?
- Has the LRCP been implemented?
- Are the outcomes measured by formative and summative evaluation?
- Is the compliance plan (the LRCP, called the FI Government Compliance Plan or FIGCP in the E-BMC model) ongoing, with refinement and upgrades based on continuous status monitoring, assessment and prioritizing as a routine part of the strategic plan?

Slide 7: The E-BMC Model for Achieving Compliance

Phase I - Baseline Company Audit to Identify Government Regulation Compliance Status (Business Policy Status, Technology/User Status, Compliance Status): Discovery of Compliance Status, Discrepancy Analysis and Needs Assessment.

Phase II - FI Government Compliance Plan (FIGCP) Development and Targeting of Compliance Priorities: Diagnosis of Status, FIGCP Development & Priority Targeting.

Phase III - Prescription of Priority Compliance Target Projects: Priority Compliance Project Identification Within Key Business Functions & Across the Enterprise.

Phase IV - Priority Compliance Project Implementation & Formative Evaluation: Implementation of Priority Projects, Formative Evaluation to Document Progress based on the FIGCP.

Phase V - Priority Project Completion, Summative Evaluation and Status Re-assessment: Completion of Priority Compliance Projects, Summative Evaluation and Documentation to Meet Reporting Requirements.

Note: The process is continuous and integrated into the strategic planning and budgeting process!

Slide 8: Partnering with E-BMC to Achieve FI Compliance

The Advantages:
- The FI can take immediate action, directed by an expert partner, to design, direct, lead staff and monitor the FI's compliance program.
- A compliance program, based on the E-BMC Methodology, that is compatible with and easily integrated into the FI's strategic business plan and budgeting process.
- A compliance plan based on FI staff involvement, yielding increased staff awareness, capacity to follow laws and regulations, and use of FI resources.
- A highly cost-effective alternative to outsourcing compliance work to a third-party accounting, auditing or service provider outside of the FI.

Slide 9: Interested in more information? Contact Dr. John T. Whiting at: Village Way – Suite F-6, Vernon, NJ 07462