#1515732 - 03/01/11 11:21 AM Time Away From Bank - Five Consecutive Days
Anonymous
Unregistered

How do you enforce this, when in fact a good number of employees have access to the bank's systems and records through bank-owned computers (laptops), BlackBerrys (e-mail) that are transportable?

I think our risk management department has caved in as most who have the ability to access bank data via mobile devices think it is an entitlement.

#1515763 - 03/01/11 02:09 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
edAudit Offline
Power Poster
edAudit
Joined: Jul 2008
Posts: 4,548
You are here
Delete system entitlements for all bank systems and e-mail.
_________________________
Opinions can be considered as coming from anywhere but my employer.

CAMS


#1515834 - 03/01/11 04:12 PM Re: Time Away From Bank - Five Consecutive Days [Re: edAudit]
Anonymous
Unregistered

EdAudit,

Is this what you do at your organization or is it a best practice?

#1515949 - 03/01/11 06:27 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
Anonymous
Unregistered

Our bank locks us out of the system when we are on our required time out. This will also block remote access.

#1515961 - 03/01/11 06:40 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
Anonymous
Unregistered

You bring up a good point, but honestly, we've been through many exams lately, both State and Federal, and it's never mentioned. It's our "general policy" that employees should take 5 consecutive days off, but it's not easily verified. Unfortunately it won't become a big deal until someone embezzles from us.

#1516034 - 03/01/11 07:53 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
edAudit Offline
Power Poster
edAudit
Joined: Jul 2008
Posts: 4,548
You are here
Originally Posted By: Anonymous
EdAudit,

Is this what you do at your organization or is it a best practice?


I would say that it would be a best practice but my comment was a direct response to the original question "How do you enforce this, ..."

We do not have many mobile users here; in a prior bank it was strictly enforced and audited.
_________________________
Opinions can be considered as coming from anywhere but my employer.

CAMS


#1516099 - 03/01/11 08:46 PM Re: Time Away From Bank - Five Consecutive Days [Re: edAudit]
Anonymous
Unregistered

Just completed an exam. Our policy says "strongly encourage employees to take 5 consecutive days off". Examiner in charge said we MUST change our policy to state it is required. She specifically said if anyone has remote access it MUST be disabled during the consecutive days.

#1516104 - 03/01/11 08:53 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
Dazed Auditor Offline
Platinum Poster
Dazed Auditor
Joined: Apr 2005
Posts: 637
Acceptance, USA America
Is this issue coming back? Years ago examiners 'required' this. Then it went away. My last employer only required this for certain positions. I am not sure if it is required where I work now.
_________________________
I overstand.

#1516124 - 03/01/11 09:21 PM Re: Time Away From Bank - Five Consecutive Days [Re: Dazed Auditor]
Anonymous
Unregistered

Anon from post #1516099 here again. Yes, this issue went away for years. Our bank's compliance officer has been doing this 30 years and she says every 10 years or so this issue rears its ugly head. The whole thing is ridiculous. This came up in our IT exam for heaven's sake. So we got dinged on the policy not saying "required" and for not documenting exceptions. Except that we didn't HAVE ANY EXCEPTIONS! We went round and round on this one and even requested that this EIC call her supervisor, which she did. It still landed on our report.

#1516173 - 03/01/11 11:19 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
califgirl Offline
Diamond Poster
califgirl
Joined: Mar 2002
Posts: 2,355
The O.C., California
Originally Posted By: Anonymous
Anon from post #1516099 here again. Yes, this issue went away for years. Our bank's compliance officer has been doing this 30 years and she says every 10 years or so this issue rears its ugly head. The whole thing is ridiculous. This came up in our IT exam for heaven's sake. So we got dinged on the policy not saying "required" and for not documenting exceptions. Except that we didn't HAVE ANY EXCEPTIONS! We went round and round on this one and even requested that this EIC call her supervisor, which she did. It still landed on our report.


Are you an OCC regulated bank in SoCal, by any chance? I think I know who that examiner is. eek
_________________________
I can explain it to you. I can't understand it for you.

#1516175 - 03/01/11 11:32 PM Re: Time Away From Bank - Five Consecutive Days [Re: califgirl]
Anonymous
Unregistered

Don't feel bad, our examiners want us to have TWO WEEKS out!

#1516186 - 03/02/11 02:37 AM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 73,292
Galveston, TX
I'm not really sure what the problem is from a risk management standpoint. Why would a bank even want to fight this and not have it as a standard control?????
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#1516406 - 03/02/11 05:24 PM Re: Time Away From Bank - Five Consecutive Days [Re: rlcarey]
this is it Offline
Member
Joined: Jun 2006
Posts: 92
Can anyone cite the reg where the # of days out is required? I thought that it was just a best practice.

#1516408 - 03/02/11 05:26 PM Re: Time Away From Bank - Five Consecutive Days [Re: this is it]
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,277
FDIC:

http://www.fdic.gov/regulations/safety/manual/section4-2.html

If you do not require vacation/time out of bank or rotate staff, your risk assessment should explain what your other mitigating controls are.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#1516411 - 03/02/11 05:30 PM Re: Time Away From Bank - Five Consecutive Days [Re: Kathleen O. Blanchard]
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,277
OCC - search on vacation. It is always an internal control issue.

http://www.occ.gov/static/publications/handbook/intcntrl2.pdf
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#1516413 - 03/02/11 05:33 PM Re: Time Away From Bank - Five Consecutive Days [Re: Kathleen O. Blanchard]
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,277
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#1627971 - 11/14/11 04:00 PM Re: Time Away From Bank - Five Consecutive Days [Re: Kathleen O. Blanchard]
happyauditor Offline
Platinum Poster
happyauditor
Joined: Nov 2004
Posts: 802
NY
Does it state anywhere from the OCC that remote access should be disabled during the mandatory vacation period? I only see it mentioned in the FRB transmittal letter. It makes total sense that it should be disabled.
_________________________
* My opinion is not necessarily that of my employer.

#1627989 - 11/14/11 04:15 PM Re: Time Away From Bank - Five Consecutive Days [Re: happyauditor]
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,277
The OCC expects you to cover your risks, but does not tell you how to do so. They expect "Adequate procedures to safeguard and manage assets".

And the handbooks are now here:

http://www.occ.gov/publications/publicat...s-handbook.html
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#1627992 - 11/14/11 04:18 PM Re: Time Away From Bank - Five Consecutive Days [Re: happyauditor]
Rocky P Offline
Power Poster
Joined: Jun 2003
Posts: 7,029
Florida
My first job, the comptroller was a fixture at his desk. FDIC told president to make him take 2 consecutive weeks off (before cell phone and remote access).

When his assistant was cleaning his desk, she noticed a letter from the state increasing doc stamps from $.10 to $.15 per hundred effective March 1st. This was discovered the end of November. It took 2 people a week to track down every note and physically put doc stamps on each one.

Yes, it is important.
_________________________
Integrity. With it, nothing else matters. Without it, nothing else matters.

#1909340 - 03/27/14 06:19 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
Anonymous
Unregistered

Originally Posted By: Anonymous
How do you enforce this, when in fact a good number of employees have access to the bank's systems and records through bank-owned computers (laptops), BlackBerrys (e-mail) that are transportable?

I think our risk management department has caved in as most who have the ability to access bank data via mobile devices think it is an entitlement.


Original Anon here - Just an update - It is now 3 years later and management now feels this is a risk. I believe the regulators pushed their buttons.

#1909466 - 03/27/14 08:40 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
happyauditor Offline
Platinum Poster
happyauditor
Joined: Nov 2004
Posts: 802
NY
Original anon, what regulatory agency, if I may ask?
_________________________
* My opinion is not necessarily that of my employer.

#1909498 - 03/27/14 09:44 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
Rocky P Offline
Power Poster
Joined: Jun 2003
Posts: 7,029
Florida
HA, they may not answer - the post was over 3 years ago
_________________________
Integrity. With it, nothing else matters. Without it, nothing else matters.

#1909544 - 03/28/14 12:35 PM Re: Time Away From Bank - Five Consecutive Days [Re: Anonymous]
happyauditor Offline
Platinum Poster
happyauditor
Joined: Nov 2004
Posts: 802
NY
The original anon posted yesterday.
_________________________
* My opinion is not necessarily that of my employer.

#1909555 - 03/28/14 01:23 PM Re: Time Away From Bank - Five Consecutive Days [Re: happyauditor]
Rocky P Offline
Power Poster
Joined: Jun 2003
Posts: 7,029
Florida
ooooops - the speed reading course did not work sorry

#1909581 - 03/28/14 02:03 PM Re: Time Away From Bank - Five Consecutive Days [Re: happyauditor]
Anonymous
Unregistered

Originally Posted By: happyauditor
Original anon, what regulatory agency, if I may ask?


FDIC

The Directors of Risk Management and Human Resources finally put on their BIG BOY PANTIES however claim this action is a product of their partnership and collective expertise. shocked

The guidance was actually a result of the information technology examination.

Just as poster rlcarey said 3 years ago, the emphasis is when employees take their 5 consecutive days away from the bank to disable permissions for VPN service access, smart phone access and facilities access. What is so difficult about that and why should there be push back from risk management?

Of course there will need to be a collaborative effort between the employee’s management, human resources, facilities management and network services in order to make this work.
