Compliance Insight with David Schneier

IndyMac Proves the System Works

One of the tricks of my trade is to see the forest for the trees. Which is to say that with what our practice encounters during fieldwork, what we hear from the regulatory agencies and what we read/hear about in the news, we need to correlate and figure out what it all means. We then need to apply that toward the services we deliver and help our clients keep up with the expectations of examiners. And it never stops -- never!

Regarding the recent conversion of IndyMac to a conservatorship operated by the FDIC, I scanned through all the agency releases and published articles and came up with this conclusion: The systems established by FDIC appear to be working just fine. FDIC Chair Sheila Bair was quoted as saying that "for insured depositors, IndyMac's conversion has been largely a non-event. The more than 200,000 customers of IndyMac with deposits of $18 billion are fully protected." So, no "It's a Wonderful Life" run on the banks scenario is forthcoming. Bair further went on to put this into perspective that customers "had continued access to their funds through ATMs, debit cards and writing checks over the weekend, and on Monday morning it will be business as usual." And a week later, it appears that she was correct.

With the IndyMac situation in mind, I'm all the more mindful of comments made by Comptroller of the Currency John C. Dugan earlier this month in which he said that "We simply cannot take our eyes off compliance while we address safety and soundness." Or rather, despite the mortgage crisis and the impact on financial institutions, there is equal if not greater vigilance required in addressing regulatory compliance.

Why? Because the system works. Understanding where there's risk to your institution and to your customers/members, and then designing controls to address those risks, results in a more secure, more reliable banking experience.

This is a time when institutions that are concerned about public perception need to remind customers of the various regulatory checks and balances in place that ensure their funds are safe. That the institution isn't going to stop functioning with the depositor's money and information simply being exposed or placed at risk. And this is also why examiners are moving past ensuring the existence of certain controls and looking for proof that they function as expected. It's why you're hearing more about vendor management and business continuity planning. It's why risk assessments are being scrutinized to ensure they're comprehensive and present a realistic view of the institution.

So, when a client asked me last week how I thought all of this would impact their world, I had a simple enough answer: Just continue doing what you're already supposed to be doing, and you'll be fine. And trust that the system works.



About the Author

David Schneier

David Schneier

Director of Professional Services

David Schneier is Director of Professional Services for Icons Inc., an information security consultancy focused on helping financial institutions meet regulatory compliance with respect to GLBA 501(b) and NCUA Part 748 A and B. He has over 20 years' experience in Information Technology, including application development, infrastructure management, software quality assurance and IT audit and compliance.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.