Compliance Insight with David Schneier

Safety, Soundness and Regulatory Compliance

I'm traveling this week and figured I wouldn't have time to make my weekly blog entry while managing through a very full schedule. Writing these posts by itself is simple enough once you have a topic or idea to work with, but air travel, long car rides and fieldwork at multiple client sites don't allow much room for creative thinking. So it was with some degree of surprise that within the first 24 hours of my work week I encountered not one, not two, but three different items of interest that were worth sharing.

While driving through a small city in Middle America and focusing mostly on finding my hotel late Monday night, I saw a huge billboard. It was an ad for a local credit union, listing the name of their institution and three simple words: Safe, Sound, Secure. Nothing about lower interest rates on loans or higher yields on CDs or anything typically thought of as banking-related. It was just a basic message during a very complicated period for our economy and our financial institutions. They were selling trust and confidence instead of products and services. If you'd told me even 12 months ago that a CEO would approve of spending money on such a campaign, I would've thought you were crazy. But despite my initial shock, I quickly came to think that it was a brilliant idea. The FDIC and NCUA can issue statements all day and night about insured deposit amounts, but nothing states it as plainly or effectively.

Then I arrived at the hotel and grabbed a copy of USA Today. There was an article about how consumer confidence was low for mid-sized financial institutions. The perception was that the larger banks were bolstered by the $700 billion bailout, and the smaller banks avoided engaging in risky business practices to begin with and thus were stable, but no one knew for certain about those in-between. It was all the more interesting to me on the eve of Election Day because it got me thinking about how many of our decisions are influenced not by facts, but rather by perception (candidates spending equal time selling you on their strengths while framing their opponents' shortcomings). For me, the article was more about how many of the mid-sized banks are suffering from an absence of information or messaging. We all know that the big players have received their public assistance because we've read about it in the newspapers, watched it on TV and heard it on the radio. We have a generally good idea that our local institutions are on solid footing because they've told us as much in the form of mailings, website notices and marketing campaigns (like billboards, for example). But those in the middle are taking a page from the playbooks of the big players and acting like it's business as usual. What's missing is all the free press about how they're receiving federal assistance or a clear message that, due to sound business practices, they're strong. Are they at greater risk than anyone else? I don't really know. What I do know is that your deposits are insured at all FDIC and NCUA institutions up to $250,000 regardless of their size. Oh, and the government is offering them a piece of the bailout as well. However, without the press coverage and without their talking to us, it's not easy to know, and so we form an opinion based on perception, not facts.

Lastly, this is a follow-up to a post from a few weeks ago about how size is not relative when it comes to identifying and managing risk. The client that I'm working with this week is of a modest size. Despite trying to maintain an open mind and conducting my fieldwork without bias, it's hard to avoid having expectations based on my experiences. So imagine my surprise when I found them to not only be on top of things, but in many ways raising the bar for what's possible. Through a combination of well-designed documentation, strong controls and a collection of in-house developed software utilities, they've managed to do more with less. I asked the CIO why he thought it was possible for his institution to manage this work while so many others of similar size struggled, and he said it wasn't really an option. Basically their approach was to figure out the right way to conduct the work and then automate where possible. And when you look at what they've implemented, it's not complex or advanced programming; its brilliance is in its simplicity and effectiveness more than anything else. But they took the approach that it was easier to comply than resist, and as a result they've accomplished so much more than what was expected.

Next week I'm hoping to discuss the possibility of Sheila Bair, Chair of the FDIC, becoming the next Treasury Secretary (because I'm still waiting for her to blink or show a little sweat while being in the eye of the storm). However, I still have to wrap up the fieldwork and travel home, and the way this week has gone so far ... who knows what else will present itself to me in the form of ideas for the blog?



About the Author

David Schneier

Director of Professional Services

David Schneier is Director of Professional Services for Icons Inc., an information security consultancy focused on helping financial institutions meet regulatory compliance with respect to GLBA 501(b) and NCUA Part 748 A and B. He has over 20 years' experience in Information Technology, including application development, infrastructure management, software quality assurance and IT audit and compliance.



