Compliance Insight with David Schneier

FDIC: Now Hiring 1400 New Examiners

The FDIC announced details regarding their recently approved 2009 operating budget. Not exactly your "stop the presses, hold all my calls" sort of thing, but it was worth my time to read through it. It was fairly mundane in the abstract, but one of the details jumped right off the screen at me: "The Board also approved an authorized 2009 FDIC staffing level of 6,269, an increase of 1,459 positions from the staffing level authorized at the beginning of 2008."

It continued on by explaining that the new hires will be used primarily to conduct bank exams and other supervisory activities.

Wowsa, a 30 percent increase in headcount geared almost entirely to enforcement activities. Now that would make an impression on almost anyone in our industry, but it hit me like a 15-pound sledgehammer between the eyes. 

Why, you might ask? Because in the last month or so I've heard an awful lot of chatter from the field about how exams were conducted recently, and several key activities either weren't reviewed or received little more than a passing glance. Gossip is an interesting dynamic of any segment of society, but all the more so within the banking and credit union space. It seems as if every institution knows about every other institution's recent exams, and word spreads like wildfire as a result. I heard at least three times since October 1 that vendor management wasn't receiving very much attention. One of our clients was actually a little annoyed because they have a solid program in place and wanted the chance to show it off (not a self-serving plug for the practice; they did theirs all on their own). I was surprised by this very recent shift because 2008 started with everyone, and I mean everyone, going crazy trying to get their Vendor Management programs in place. And there was nothing to explain why the sudden change. Within our ranks, we figured that it likely had to do with bandwidth and skills; there just wasn't enough time to do everything or enough experience to do everything right, and so the examiners were prioritizing differently. It made sense when you consider how none of the bank failures was directly the result of vendor management practices. So it seemed as though the agencies were pouring what resources they had into activities more closely aligned with the money management issues that contributed to our economic struggles.

But that's all going to change with the New Year. The FDIC now has more resources, they have more money, and they have a well-earned sense of entitlement considering their role as savior during 2008. Now they'll be able to hire qualified Information Security examiners, team them with experienced operation and financial examiners and send fully-formed, well-rounded teams into the field. And the teams will likely have more time to conduct their fieldwork, as they no longer need to be in two places at one time. Plus, with everyone still hurting from the near-collapse of the banking industry this year, no one will be able to resist this newly-energized audit army. In past years you may have been able to claim some form of hardship in order to gain leeway or flexibility with the examiners. This next year, though, any attempt to do so will likely be construed as an effort to hide something. 2009 is the year when you publicly throw your arms into the air and welcome the examiners into your institution.

One thought comes to mind: What about those institutions that have been reacting to the recent news of relaxed enforcement activities? How many institutions have been slow to complete their compliance agendas this year or have delayed a proper deployment of new ones such as Red Flags? Now they're confronted with not only having to make sure everything is in place and functioning, but also with the prospect of having a way more thorough exam.



About the Author

David Schneier

Director of Professional Services

David Schneier is Director of Professional Services for Icons Inc., an information security consultancy focused on helping financial institutions meet regulatory compliance with respect to GLBA 501(b) and NCUA Part 748 A and B. He has over 20 years' experience in Information Technology, including application development, infrastructure management, software quality assurance and IT audit and compliance.



