Skip to content

How to add predictive analytics into your risk program. Risk reports are often limited to historical insights and issues and do not provide guidance and insights into the future of the organization. Adding predictive analytics can allow your organization to detect emerging risks and create mitigation plans. This can be achieved by combining internal and external key risk indicators (KRIs) and key performance indicators (KPIs) with regulatory intelligence. This ensures that risk reports can detect more issues and highlight areas of concern. Click here to learn more.

Top Story Technology Related


Treasury and IRS plan to modernize business operations

A six-year plan to modernize IRS business operations has been released by Treasury and the IRS. The plan is organized around the following four “Modernization Pillars” critical to the IRS’s mission and future development:

  • Taxpayer Experience
  • Core Taxpayer Services and Enforcement
  • Modernized IRS Operation
  • Cybersecurity and Data Protection


OFAC tech notice on sanctions lists data files

OFAC has posted a technical notice for users of its sanctions lists data files. On or about May 16, 2019, OFAC will be expanding the "Program" field found in OFAC’s legacy data files (DEL, PIP, FF, and CSV formats) from 50 to 200 characters. Updated data specification files for both the SDN and Consolidated Lists will also be published on May 16 as part of the update.


OCC schedules Pittsburgh workshops

The OCC will host two workshops at the Hotel Indigo Pittsburgh East Liberty in Pittsburgh, May 21-22, for directors of national community banks and federal savings associations supervised by the OCC.

  • The Risk Governance: Improving Director Effectiveness workshop on May 21 provides practical information for directors to effectively measure and manage risks. The workshop also focuses on the OCC’s approach to risk-based supervision and major risks in the financial industry.
  • The Credit Risk: Directors Can Make a Difference workshop on May 22 focuses on credit risk within the loan portfolio and techniques for managing them, such as identifying trends and recognizing problems. The workshop also covers the roles of the board and management, how to stay informed of changes in credit risk, and how to effect change.
      Each workshop is limited to 35 registrants.


NCUA announces funding opportunity for LICUs

The NCUA has published [84 FR 14976, 4/12/2019] a Notice of Funding Opportunity to announce the availability of technical assistance grants for low-income designated credit unions through the Community Development Revolving Loan Fund grant program. The grant program serves as a source of financial support in the form of awards that better enable LICUs to support the communities in which they operate. All grant awards made under the program are subject to funds availability and are at the NCUA's discretion.


FDIC reminder on tech service provider contracts

Yesterday, the FDIC issued FIL-19-2019 to share examiner observations about gaps in financial institutions' contracts with technology service providers that may require financial institutions to take additional steps to manage their own business continuity and incident response. The FIL reminded agency-supervised financial institutions that:

  • Their boards of directors and senior management are responsible for managing risks related to relationships with technology service providers.
  • Effective contracts are an important risk management tool for overseeing technology service provider risks, including business continuity and incident response.
  • Recent FDIC examination findings noted that some financial institution contracts with technology service providers lack sufficient detail regarding the contract parties' respective rights and responsibilities for business continuity and incident response.
  • When contracts do not adequately address such risks, financial institutions remain responsible for assessing those risks and implementing appropriate mitigating controls.
  • Financial institutions have a responsibility under Section 7 of the Bank Service Company Act to notify their FDIC regional office of contracts or relationships with technology service providers that provide certain services to the institution.

FDIC examiners have noted that some contracts do not require the service provider to maintain a business continuity plan, establish recovery standards, or define contractual remedies if the technology service provider misses a recovery standard. Other contracts did not sufficiently detail the technology service provider's security incident responsibilities such as notifying the financial institution, regulators, or law enforcement. Also, some contracts do not clearly define key terms used in contractual provisions relating to business continuity and incident response. Undefined and unclear key contract terms could contribute to ambiguity in financial institution rights and service provider responsibilities, and could increase the risk that technology service provider business disruptions or security incidents will impair financial institution operations or compromise customer information.

The FIL included links to several resources that institutions can use to guide them in managing their technology service provider agreements.


Fintech Conference to be co-hosted by FDIC

The FDIC and Duke University's Fuqua School of Business and Innovation and Entrepreneurship Initiative will co-host "Fintech and the Future of Banking," their first financial technology and research conference, on Wednesday, April 24, 2019.

FDIC Chairman Jelena McWilliams and Treasury Secretary Steven Mnuchin will open the conference with a conversation about the role of financial technology and innovation in banking, followed by a series of discussions on regulatory innovation; data and technology in lending; the competitive landscape of 2019 and beyond; fintech funding; and financial advice and consumer decision-making.

The conference will be held from 8:00 a.m. to 6:00 p.m. EDT in the FDIC's Sheila C. Bair Auditorium, 3501 Fairfax Drive, Arlington, Virginia, 22226. Registration is required to attend. Those wishing to attend should complete the online registration by Wednesday, April 3.


Office Depot and tech support firm settle with FTC

The Federal Trade Commission has announced that Office Depot, Inc. and a California-based tech support software provider have agreed to pay a total of $35 million to settle Commission allegations that the companies tricked customers into buying millions of dollars’ worth of computer repair and technical services by deceptively claiming their software had found malware symptoms on the customers’ computers. Office Depot has agreed to pay $25 million and its software supplier,, Inc., has agreed to pay $10 million as part of their settlements with the FTC. The FTC intends to use these funds to provide refunds to consumers.

In its complaint, the FTC alleges that worked with Office Depot for nearly a decade to sell technical support services at its stores. Office Depot and used PC Health Check, a software program, as a sales tool to convince consumers to purchase tech repair services from Office Depot and OfficeMax, Inc., which merged in 2013.


OCC to hold workshops in Kansas

The OCC will host two workshops in Manhattan, Kansas, at the Four Points by Sheraton Manhattan, May 7 and 8, for directors of national community banks and federal savings associations.

  • The Compliance Risk workshop on May 7 addresses the critical elements of an effective compliance risk management program. The workshop also focuses on major compliance risks and critical regulations. Topics of discussion include the Bank Secrecy Act, Flood Disaster Protection Act, Fair Lending, Home Mortgage Disclosure Act, Community Reinvestment Act, and other compliance hot topics.
  • The Operational Risk workshop on May 8 focuses on the key components of operational risk—people, processes, and systems. The workshop also covers governance, third-party risk, vendor management, internal fraud, and cybersecurity.


Change due on MLA website

A notice has been posted on the Department of Defense MLA website that the site will be upgraded to version 4.9 on Tuesday, April 9, 2019. As a result of this upgrade, Name fields (First, Middle, and Last) will no longer accept numeric characters. Users can only enter Alphabetic characters, spaces, dashes, and apostrophes in the Name fields. This change was implemented as an additional security measure.

The notice indicates users should not experience any down time during this release.


Notice for users of OFAC’s Sanction List data files

OFAC has posted an important technical notice for users of its Sanctions List data files. It involves the methods used to access those files. We suggest you share this information with anyone in your institution or service provider whose responsibilities include access the OFAC data files.


Training View All

Penalties View All

Search Top Stories