Financial Services Security & Compliance News

CLEARWATER, FL (December 17, 2015) — Security Compliance Associates (SCA) is pleased to announce that the company has recently been awarded as the primary vendor to assist in the completion of IT examinations for credit unions regulated by the Washington State Department of Financial Institutions, Division of Credit Unions. Examinations will be performed from November 2015 through June […]


On Tuesday, September 29, SCA’s President and CEO, Jim Brahm, and San Diego County Credit Union Senior Vice President, Leo Maduzi, delivered a presentation on cybersecurity to the attendees of the 2015 CUNA Technology Council conference in Orlando, FL. For CUNA coverage on the presentation, please visit:


Third-Party Risks Require More Due Diligence In April, the New York State Department of Financial Services issued a report about significant third-party and vendor management risks that numerous banks throughout the state were failing to address (see Banks’ Vendor Monitoring Comes Up Short). See Also: Dispelling the Myths of Malware Attacks Now, just one month […]


Banking Malware Taps Macros

by admin on May 1, 2015

Attackers Use Cloud Services, Trickery to Evade Defenses Macro viruses are back. See Also: Insider Threat: Mitigating the Risk Security firms report a sharp rise in the quantity of attacks that use macro code – designed to automate tasks – to trigger malware downloads, often for the purpose of stealing people’s online banking credentials. “Just […]


Audit: FDIC Must Boost InfoSec Scrutiny

by admin on April 13, 2015

Report Calls for Less Reliance on Banks’ Security Statements The Federal Deposit Insurance Corp. needs to improve the way it determines that banks are taking adequate steps to defend against cyber-attacks, a report from the FDIC inspector general office says. See Also: Malware & Spear Phishing: How to Defend the Enterprise The report, the FDIC’s […]


FFIEC Issues Malware, Attack Alerts

by admin on April 1, 2015

Regulators Detail Destructive Malware, Cyber-Attack Threats The Federal Financial Institutions Examination Council warns U.S. financial institutions that they’re at increased risk from attacks that are designed to steal online credentials – for the purpose of committing fraud or disrupting business – as well as from destructive malware attacks that are designed to wipe all data […]


PCI Issues Penetration Test Guidance

by admin on March 30, 2015

Experts Debate Whether Advice Goes Far Enough New guidance from the PCI Security Standards Council specifies how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. See Also: Secure E-Banking: Consumer-Friendly Strong Authentication But while one payments security expert says the guidance could help ensure ongoing compliance with […]


FFIEC to Prepare New Cyber-Risk Policy

by admin on March 19, 2015

Regulators Reveal More Cybersecurity Initiatives The Federal Financial Institutions Examination Council plans to take several additional steps to help banking institutions enhance their cybersecurity risk preparedness. (See Also: Cloud Infrastructure: Same Security Needs, Dynamic New Environment) On March 17, the FFIEC revealed plans to update and supplement various booklets in its Information Technology Examination Handbook […]


FFIEC Issues Cyber-Resilience Guidance

by admin on February 9, 2015

Regulators Outline Cyberthreats to Business Continuity New business continuity guidelines from the Federal Financial Institutions Examination Council paint a more detailed picture of the cybersecurity initiatives banks and credit unions will be asked about during upcoming examinations. See Also: Solving the Mobile Security Challenge These new guidelines are likely the result of the FFEIC’s cybersecurity […]


FDIC: What to Expect in New Guidance

by admin on November 21, 2014

Regulators Will Address Specific Cyberthreats When the Federal Financial Institutions Examination Council releases new cybersecurity guidance, it will address specific types of cyber-attacks and threats, according to examination specialists from the Federal Deposit Insurance Corp., one of the FFIEC’s regulatory agencies. During a Nov. 20 community banking advisory committee meeting, members of the FDIC’s Division […]