The Business Forum

"It is impossible for ideas to compete in the marketplace if no forum for
  their presentation is provided or available."           Thomas Mann, 1896

The Business Forum Journal


 Regulatory Issues for 2010

 

By Sheldon Bachus

 

Cloud Computing - When it comes to Risk there is no silver lining.

Cloud computing poses some serious risks for the financial services industry, community banks, and just about any IT user who has outsourced customer data.  There are several issues involved here.

First, there is a question of trust.  Given the competitive world of outsourced IT, are you sure your vendors have not tried to cut costs by shipping your confidential customer data out to the Internet cloud for virtualized 3rd party processing?

This is exactly one of the reasons why we have the Gramm-Leach-Bliley Act (GLBA) - to know what your vendor is doing with your proprietary corporate data.  And, it's also why GLBA due diligence guidelines require you to maintain and review current vendor SAS-70 reports. But there's a catch here...

  • The Problem.  Most likely your vendor SAS-70 reports will be of little value because regulators and auditors have yet to formalize controls over cloud computing or SaaS IT Services.
     
  • The Solution.  You can begin by requiring that your mission-critical IT service providers sign an agreement stipulating that your confidential corporate and customer information will not be subject to cloud computing solutions - especially where 3rd party vendors are engaged.  Additionally, be sure that this policy is part of your formal IT policies and procedures.

Examiners begin 2010 Red Flag Campaign

Indications are that in 2010 financial institutions and other creditors will face increasingly stringent reviews of so-called "red flag" controls over customer identity theft.

Financial institutions can expect examiners to mount a two-front regulatory campaign focusing on (1) risk management practices and (2) compliance procedures.

Examiners assigned to risk management practices will be testing that a formal Identity Theft Prevention Program is in place.  The Program should be designed to detect, prevent, and mitigate identity theft consistent with regulatory guidelines (12 CFR 334).

Regulatory efforts directed toward red flag compliance procedures will focus on controls over customer address discrepancies and on procedures controlling address changes.  Although examinations will initially target "reactive" red flag procedures, future reviews are more likely to test for more "proactive" controls - e.g., software to cross-check customer master and credit billing addresses.


Sheldon Bachus is the Principal of Enfra-Tech - an IT consulting firm based in San Francisco, California.  Enfra-Tech specializes in regulatory matters and risk management, computer modeling and simulation, and environmental technology integration.  Sheldon has had almost a decade of service with the United Nations – with postings in Myanmar (Burma), in Ghana, the Bahamas, Mauritania and Western Samoa.  While with the United Nations in Ghana, Sheldon developed a hydrological database and complementary reservoir modeling system supporting the management of Volta Lake, West Africa's largest hydro-electric facility. Today Enfra-Tech focuses computer technology on environmental issues and concerns.  More recently, Sheldon has worked with California Trout, Inc. on a multi-year project that has modeled the optimization of Lake Pillsbury flow releases as a pre-requisite to the maintenance of natural flow conditions on Eel River.  


Visit the Author's Web Site

http://www.enfratech.net

