(270) 506-5140 CONTACT US

Mic Cue FDIC: Matters Requiring Board (and your) Attention

Sep 14, 2016 by Branan Cooper

On Aug 22, 2016, the FDIC released the Summer edition of its Supervisory Insights Journal. Okay, officially, it was FDIC Financial Institution Letter 57-2016, but that’s too much of a mouthful, so I’ll just call it the "summer journal." 

Unlike the novel in your summer beach bag, this isn’t quite as entertaining, but if you’re involved with bank or credit union management, you definitely need to pay attention.  While we’re swimming in some pretty voluminous recent regulations and slogging our way through those requirements, this Summer Journal is brief but packed with lots of information.

In particular, this journal contains some indications of where the FDIC is focused – even more relevant for those of us who work in and around vendor management or serve in a senior management capacity, you should really study the Matters Requiring Board Attention.

The FDIC says "'Matters Requiring Board Attention' Underscore Evolving Risks in Banking" discusses how the Matters Requiring Board Attention (MRBA) page within the Risk Management Report of Examination is used to focus the attention of bank management and the directors on issues and recommendations that, if addressed early, will reduce the likelihood that those institutions will experience serious adverse effects in the identified areas. This article describes the MRBA categories cited most often in 2014 and 2015 and highlights trends that can provide an overview of risks that may be developing in the industry.

The Journal serves as an early indication of where exams will be focused and where the regulator believes banks and credit unions may be deficient or failing to properly appreciate the level of risk to which the institution is exposed. 

The guide speaks heavily of the need for proper oversight by the board, including in matters related to vendor management. While there are certainly numerous other items called out in the report, it is worth noting carefully that the Journal specifically mentions vendor management and the policies of the institution throughout the journal. Here’s one example:

 MRBAs in the IT area include the need for management to strengthen the Information Security Program, risk assessments, vendor management, and disaster recovery and business continuity plans. 

It appears the days of suggestions, comments or warnings are over when it comes to third party risk management. We’ve also noticed an up-trend with prospective new clients who are reaching out to us for the first time due to an MRBA or a like item from their specific regulatory body. 

Whether you are a compliance officer, board member, vendor management specialist or a risk manager, this directive requires your attention and active involvement. Too often these nuggets of information go unnoticed until it’s too late and you’re scrambling to answer a finding in your examination that could have easily been avoided with some proactive reading and preparation!

Cue the scary “Jaws” music and get to work!

Mini Vendor Management Handbook

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog