Answer:
There are no federal regulatory requirements regarding this. This would be considered part of your internal control system, and would most likely be evaluated by your internal and external auditors in conjunction with assessed levels of risk, and other mitigating controls.
First published on BankersOnline.com 2/20/06