I am hearing from colleagues at other banks that the regulators seem very focused on Vendor Management (oversight for compliance with GLBA, ID Theft, reviewing SAS70's, reviewing financial statements). We just had an external audit this month, and our auditor warned us that Vendor Management was definitely a hot button issue with the regulators recently.
Earlier in the year, I heard from everyone about being sure to have a 3-year risk-based audit plan in place for each business unit (i.e. IT, Compliance, etc.).
"Gratitude makes sense of our past, brings peace for today, and creates a vision for tomorrow." - Melody Beattie