Mark: Hello, everyone. This is Mark Stetler, CEO of CRINDATA. I’m with our fearless leader, Jim Freis, chairman of CRINDATA. We are going to discuss today… Read More »Third Party Risk Management and Cybersecurity for Banks—Interview with Jim Freis
On May 20, 2022 the Federal Deposit Insurance Corporation published the 2022 Risk Review, the FDIC’s comprehensive summary of emerging risks in the U.S. banking system as observed over the past year.
We write in support of the purpose and the direction of, while also providing specific comments and further recommendations with respect to, the abovementioned Proposed rule to require (i) current reporting about material cybersecurity incidents, as well as updates; and (ii) disclosures about risk management, strategy, and governance as related to cybersecurity, as published in 87 Federal Register 16,590, dated March 23, 2022 (the “Proposed Disclosure Rules”) by the Securities and Exchange Commission, for which comments are requested by May 9, 2022.
We write in support of the purpose and the direction of, while also providing specific comments and further recommendations with respect to, the abovementioned Proposed rulemakings (i) to require registered investment advisers and investment companies to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks; and (ii) report significant cybersecurity incidents affecting the adviser; and other requirements, as published in 87 Federal Register 13,524, dated March 9, 2022 (the “Proposed Rules”) by the Securities and Exchange Commission, for which comments are requested by April 11, 2022.
We write in support of the purpose and the direction of, while also providing specific comments and further recommendations with respect to, the abovementioned Proposed… Read More »Jim Freis comments on proposed SEC incident and cybersecurity reporting requirements
Jim Freis of CRINDATA talks about whether or not financial institutions will likely be required to give notice to their regulators of qualifying events like… Read More »How Likely is it That Financial Institutions Will Be Required to Give Notice to Their Regulators of a Qualifying Event?
In December, we discussed OCC, Fed, and FDIC’s Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, and we promised a more detailed analysis of our views on the new regulation, which requires compliance by May 1, 2022. In this post we go into more detail.
In this post we discuss the important takeaways and questions/answers on the Incident Notification Regulations (INRs).
Jim Freis talks about chain risk and the subcontractor, sub-outsourcing relationship, and how understanding this chain is essential to proper regulatory due diligence. It’s understandable… Read More »What Does Chain Risk Mean to You, and Why is It Important?
Jim Freis talks about the difference between a one-to-one and a one-to-many relationship model for financial institutions and their service providers in regards to regulatory… Read More »How Does a One-to-Many Relationship Model Help Financial Institutions and Service Providers?
