As part of TRUE’s managed compliance services, our team can help you meet, maintain, and demonstrate FDIC compliance, providing support ahead of and throughout your InTREx examination.
“Financial institutions depend on [Information Technology] to deliver services. Disruption, degradation, or unauthorized alteration of information and systems can affect the financial condition, core processes, and risk profile of an institution. Further, because of the increasing volume and sophistication of cyber threats, it is imperative that financial institutions and their critical third-party service providers maintain diligence in identifying, assessing, and mitigating cybersecurity risks.” (Banker Resource Center, FDIC.gov)
FDIC’s Information Technology Risk Examination (InTREx) Program
Evaluating your IT environment for risks and vulnerabilities that can leave you open to attack is an essential part of any financial institution’s information protection procedures. Risk is not a static value, however: IT environments change every time you add or remove users, update information, upgrade or improve technology, and so on. Risk evaluation is therefore an ongoing process that involves periodic, point-in-time assessments to identify your areas of risk.
What to Expect from TRUE’s FDIC Audit Support
Using guidance provided in the Federal Financial Institutions Examination Council (FFIEC) Information Technology (IT) Examination Handbook, TRUE’s Risk Advisory team will identify your current risks and evaluate the effectiveness of your risk mitigation strategies for each. Our report will provide you with a list of any identified gaps, as well as recommended strategies to address them.
90 Days Ahead of Your Audit:
When you are fully prepared for your examination, the TRUE Risk Advisory team will assist you with completing the Information Technology Profile (ITP), an FDIC questionnaire designed to provide an overview of your existing environment. This document allows FDIC-approved examiners to scope your upcoming assessment and assign their resources accordingly.
Using your ITP and other available documentation (such as previous audit reports, changes or updates to your environment, etc.), your examiner-in-charge will design your upcoming audit to assess environment-specific risks and their corresponding security controls. Using TRUE for your audit preparation process allows you to be fully prepared for this examination, with documentation on-hand and
At Least 45 Days Ahead of Your Audit:
You will receive an IT Request Letter through FDIConnect. This is essentially a more focused questionnaire, based on your IT profile, that will need to be completed and resubmitted within the requested timeframe. This step allows your examiner-in-charge to obtain as much additional information as possible before your audit date, minimizing the amount of time they will need to spend interviewing and gathering documentation from your team on-site.
During Your FDIC Audit:
TRUE’s Risk Advisory team will assist with the audit process, providing documentation to the FDIC’s assigned examiner and answering questions on your behalf. When we are engaged in an ongoing, managed compliance capacity, we will work alongside your team throughout the process. In the event of additional questioning, having an information security professional as part of your team can be key to a successful examination.
Topics you can expect your audit to cover:
- Policies and Procedures
- Cybersecurity Awareness Training Programs
- Access Management
- Vulnerability Management
- Destructive Malware, Spyware, and Ransomware Prevention
- Pharming Attack Prevention
- Phishing Prevention
- VoIP Security Strategies
- Credential Theft Prevention
- Email Security
- Fraud Prevention
- Wireless and Wireless Customer Access Security
- Domain Name Protection
- Client/Server Environment Security
- Identity Theft Protection
- Third Party Risk Management (Supply Chain Attack Prevention)
- Payment Security
- Remote Deposit Capture Risk Management
- ATM and Card Authorization Security
- Disaster Recovery and Business Continuity Plans
- Incident Response Plans