Authorities on Risk Assurance

The Shared Assessments Blog

Viewing Category: Compliance

Setting a New Benchmark – New York State Cybersecurity Requirements

Published on April 17, 2017 | Posted in: Best Practices, Business Resiliency, Compliance, Education, Framework, Newsletter, Outsourcing, Risk Management, Third Party Risk Management, Vendor Risk Management

For financial services companies that fall under the New York State Department of Financial Services (DFS) cybersecurity requirements rule, the timeline for implementing 23 NYCRR 500 has begun. The new rule became effective March 1st. Each section of the rule has a timeline relating to the development of cybersecurity programs for all “Covered Entities.” The regulation […]

Responsible Innovation The Key to Successful Growth for Banks

Published on June 9, 2016 | Posted in: Banking, Compliance, Fintech, OCC, OCC Framework

The Office of the Comptroller of the Currency (OCC) initiated a working group in 2015 to begin to assess the evolution of technology and innovation in financial services, resulting in publication of a white paper at the end of Q1, and requested industry comments on strategic questions. The dialog will continue later this month, at an OCC […]

Will anticipatory compliance be the next best practice?

Published on February 16, 2016 | Posted in: Blog, Compliance, Huffington Post, Third Party Oversight, Third Party Risk, Vendor Risk, Vendor Risk Management

I was recently invited to speak on a panel regarding third party risk strategies for the Securities Industry and Financial Markets Association’s (SIFMA) Internal Auditors Society. While there, I had the opportunity to meet and hear from two individuals who are well known and respected in their related fields: former US Attorney General John Ashcroft […]

Compliance Program Presents That Keep On Giving in 2016

Published on December 15, 2015 | Posted in: Blog, Compliance, Privacy

In my house, the boys are getting excited anticipating the presents that are going to be under the Christmas tree. My figurative presents under the tree are some thoughts from the 2015 Privacy. Security. Risk. (P.S.R.) conference presented by the International Association of Privacy Professionals (IAPP) and the Cloud Security Alliance (CSA). When you open […]

It’s Not Just a Check The Box Exercise: Building a Culture of Compliance

Published on October 13, 2015 | Posted in: Compliance, Payments, Risk

Last week I outlined ideas on implementing appropriate best practices in structuring effective compliance programs. Leveraging program management disciplines can streamline the logistics of compliance management. However, process alone is not sufficient without the right “tone at the top” to focus an organization’s efforts. Senior leadership within an organization is accountable for managing risk and […]

Back to School Basics: Best Practices for Compliance Program Management

Published on October 7, 2015 | Posted in: Compliance, Risk Management

School is back in session, fall has begun, and we are approaching the start of Q4. Organizations of all sizes are finishing their financial plans for 2016 and likely conducting end of year internal fall housekeeping on projects and initiatives. This is a great time to dust off the approach to managing compliance with a […]

Social Media Should Require a Compliance Warning

Published on April 2, 2015 | Posted in: Compliance, Privacy, Risk Management, Third Party Risk

The usage of social media has shifted with customer adoption. The growth of applications and consumers joining the social media bandwagon has influenced how consumers leverage technology, interact with friends, family and coworkers, and purchase with brands they trust. Pew Research Center estimated in 2014 that 73 percent of Americans over age 18 use social […]

Rightsizing Tiered Approaches for Risk & Compliance

Published on February 20, 2015 | Posted in: Compliance, Risk

Last week was an active week of discussion on issues facing financial services companies. I presented at the 40th annual Roundtable for ISACA’s MN Chapter on The Next Generation of Third-Party Risk Management and attended Deluxe Exchange 2015, where an engaging keynote speech by Sheila Bair, former chair of the FDIC, highlighted critical issues facing […]

Heightened Expectations Raise the Bar for All

Published on December 12, 2014 | Posted in: Compliance, Cybersecurity, Guidance, OCC, Regulatory Compliance, Risk, Risk Management

The Office of the Comptroller of the Currency (OCC) published final guidelines that establish minimum standards for risk governance frameworks for OCC regulated institutions with over $50 billion in assets. While that asset threshold would seem to specifically exclude most community banks, the OCC has reserved the right to apply the guidelines to other organizations […]

How to Respond to the Regulation Avalanche

Published on September 8, 2014 | Posted in: Compliance, Regulations, Regulatory Compliance, Risk

As a follow-up to my previous blog on how the avalanche of regulation can stifle innovation in banks and credit unions, I wanted to share some ideas to start the discussion on organizational steps that you can take to enhance the risk and compliance culture. Maturing the processes internally requires education – and while that […]
