OTS Updates Director's Responsibility Guide 10-13-06
Regulation: Guidance
Regulatory Body: Office of Thrift Supervision (OTS)
Regulation Topic: Disaster Recovery / Business Continuity, Information Security, Risk Management
The Office of Thrift Supervision (OTS) is issuing updated versions of the Directors' Responsibility Guide and the Directors' Guide to Management Reports to highlight our supervisory expectation for a strong, consistent approach towards sound corporate governance practices, as well as the importance of strong, independent boards of directors.
The updated Directors' Guide adds a new section on statutory and regulatory responsibility and clarifies the issue of blurred lines of responsibility between the board and management. We have also added a chart on the applicability of selected Sarbanes-Oxley requirements. The streamlined, restructured Guide to Management Reports consolidates some existing reports and adds additional red flags to monitor internal controls and financial performance.
Of particular interest to our audience are the following sections:
Payment Systems Risk
Authority: 12 CFR Section 210.25
Directors must control the risks of participation in the systems by establishing caps and reviewing policy compliance.
Annual Independent Audits and Reporting Requirements
Authority: 12 CFR Part 363
If the association has total assets of $500 million or more, the board must establish an independent audit committee.
BSA Compliance
Authority: 12 CFR Section 563.177(b)
The board of directors must approve the BSA compliance program that establishes and maintains procedures reasonably designed to assure and monitor compliance with BSA requirements.
Written Security Program
Authority: 12 CFR Part 568
The board must ensure that the association has a written security program for the main and branch offices. The board must designate a security officer to report at least annually on the implementation, administration, and effectiveness of the security program.
Safety and Soundness Standards
Directors and senior management must ensure that the association has a system of internal controls that operates effectively, as well as an internal audit function that is appropriate to its size, nature, and scope of activities.
Standards for Safeguarding Customer Information
Authority: 12 CFR Part 570, Appendix B
The board must approve the association's written information security program and oversee the program's development, implementation, and maintenance.
Supervisory Policy Statement on Investment Securities and End-User Derivatives Activity
Authority: Interagency Policy Statement
Directors must approve major policies for conducting investment activities, including the establishment of risk limits.
Internal Audit Function and its Outsourcing
Authority: TB 81 3/17/03
The board and senior management are responsible for having an effective system of internal control and an effective internal audit function in place at their institution.
Third Party Arrangements
Authority: TB 82a 9/01/04
Directors and management must effectively manage risks that arise from all types of third party arrangements.
Business Continuity Planning
Authority: CEO Memo Number 176, 6/10/03
Directors and senior management must establish policies and procedures to ensure that comprehensive corporate business resumption, contingency planning, and testing take place.