Comments
Regulation: Killing Community Banks?
Newest First  |  Oldest First  |  Threaded View
BankTechAsia
50%
50%
BankTechAsia,
User Rank: Apprentice
1/28/2014 | 12:28:13 AM
re: Regulation: Killing Community Banks?
@ubm_techweb_disqus_sso_-af8da61ccde451f51f10cf37409cd754:disqus, thanks for sharing your insights. Many of the bank's CIO we've spoken to in Asia echoes your view - exorbitant compliance cost vs innovation cost is a difficult balance.

Many of the smaller financial institutions in this part of the world neglect to innovate and are still banking like it's 1980's, which makes it a major challenge for them to compete with the big boys and their big bucks.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
1/27/2014 | 12:17:06 PM
re: Regulation: Killing Community Banks?
Great insights. Thanks for sharing. Is your bank having any luck outsourcing certain processes? Are vendor solutions available that address your needs, but also meet your security and compliance requirements?
DerinBluhm
50%
50%
DerinBluhm,
User Rank: Apprentice
1/26/2014 | 4:59:37 PM
re: Regulation: Killing Community Banks?
As a community bank CIO, I found my days increasingly consumed with analyzing and addressing the impact of ongoing regulatory changes. We were continually reworking business processes to ensure compliance, updating notices, reviewing contracts, and expending resources to deploy yet another compliance update to a system or software package.

The value to the consumer was not particularly apparent, but the impact to operations was obvious. Resources that would have gone to improving customer service or working on strategic projects to grow sales were redirected to reactive activities related to compliance changes.

The reality is that smaller financial institutions don't have the money to simply add systems or staff to deal with the cascading impacts of the next change to a regulation. The economics of community banking don't support adding add another solution that isn't increasing revenue.

For smaller financial institutions, the best solution appears to be to move to outsourced solutions and integrated vendor hosted services, shifting as much effort and risk to the vendor as possible.

This approach would allow the FI to focus on sales and risk management, while ensuring they have best practices based solutions and needed specialized skill sets (through their vendor), but without adding personnel or just trying to make due with already stretched internal staff.

Further, the availability of skilled personnel in small markets is a challenge for many community banks. Outsourcing may be their only option to ensure they can meet their regulatory obligations.
KBurger
50%
50%
KBurger,
User Rank: Author
1/23/2014 | 6:56:02 PM
re: Regulation: Killing Community Banks?
Pam Perdue's comment, "Many community financial institutions continue to rely on one or two individuals and antiquated processes to manage compliance. It's become untenable for an institution to keep up with all of these changes using current methods" raises a critical point. What bank of any size in the current business & competitive (not to mention regulatory) environment thinks it can function effectively with "one or two individuals and antiquated processes" to manage any kind of function? There is absolutely no excuse for even the smallest community bank to not make some investements in automating these critical functions. Companies such as Continuity Control offer solutions specifically targeted to the needs (and budgets) of smaller FIs. Banks should be investing in these types of solutions regardless of whether or not regulation is intensifying. While I agree that much FS regulation should not be "one size fits all" and there definitely are aspects of Dodd-Frank that should be applied primarily or specifically to large banks -- I think complaining about the regulatory burden because you don't have systems to support compliance is a lame, unacceptable excuse.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
1/22/2014 | 7:20:48 PM
re: Regulation: Killing Community Banks?
Good points. As we have seen since the crisis, the big banks have only gotten bigger. And fewer, larger banks are more dangerous and risky than many smaller banks, as we know. It will be interesting to see how this all shakes out over the next couple of years when it comes to the smaller financial firms.
Byurcan
50%
50%
Byurcan,
User Rank: Author
1/21/2014 | 2:30:44 PM
re: Regulation: Killing Community Banks?
Thanks for the comment, glad you liked it! I believe some of the regulatory burden on smaller banks will be lifted in the coming years, as regulators realize that small-mid sized banks weren't the ones who largely contributed to the financial crisis.
BankTechAsia
50%
50%
BankTechAsia,
User Rank: Apprentice
1/21/2014 | 9:34:17 AM
re: Regulation: Killing Community Banks?
Excellent point, and interesting analogy about the just right porridge of regulation.

Considering community banks are mostly not considered SIFI's I can't wrap my head around why the same standards apply.

In some parts of Asia, different category of banks are subject to different LCR


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.