CAE Agenda: Your Monthly Audit News Roundup

Whitney Sunset by Michael Rosenberg

CAE Agenda: Your Monthly Audit News Roundup


Dear Colleague,

Welcome to the September edition of the CAE Agenda, Protiviti’s monthly roundup of internal audit news and developments for financial services organizations.

We hope our monthly newsletter will continue to be a valuable source for audit executives to stay informed on the industry and regulatory developments impacting your organization.

News and Trends

  1. OCC Seeks Comments on Modernizing Community Reinvestment Act Regulations

    On August 28, the Office of the Comptroller of the Currency released an Advance Notice of Proposed Rulemaking (ANPR) seeking comment on the best ways to modernize the regulatory framework implementing the Community Reinvestment Act (CRA).

    “The comment period will be open for 75 days after the ANPR is published in the Federal Register [Comptroller Joseph M.] Otting said the OCC will need about 75 to 100 days after that to go through the comments and share them with other regulators before proposing a rulemaking notice, which would also have a 75-day comment period. That means a final rulemaking process will not go out until the summer of next year at the earliest.” [Source: American Banker, August 28, 2018]

  2. ABA Survey: Banks Report CRE Lending Concentrations on the Rise

    With the CRE lending market currently booming, banks are increasing their concentrations in this area — particularly in construction lending — according to findings from the 2018 Commercial Real Estate Lending Survey conducted by the American Bankers Association.

  3. IIA Releases New Global Technology Audit Guide on Insider Threat  Programs

    This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common traits of main players, key risks and potential impacts. Additionally, the guide presents security frameworks, techniques, considerations and resources that can help during the planning and execution of audit engagements.

  4. Third Compliance Date Approaching for New York Cybersecurity Regulation

    The third transitional period for New York’s first-in-the-nation cybersecurity regulation for all entities regulated by the Department of Financial Services (DFS) ends on September 4, 2018. The DFS also has reminded regulated entities that under DFS’s regulation, if they utilize third-party service providers, they must evaluate the risk that these service providers pose to the security of those systems and data and ensure those systems and data are protected by March 1, 2019.


Join us during the upcoming IIA Financial Services Exchange conference

Protiviti is proud to be a sponsor and speaker at the event on October 1-2, 2018 at the Renaissance Downtown in Washington, DC.

On day one of the conference, Monday October 1, from 11:15 a.m. – 12:15 p.m., join Protiviti’s Jim McDonald and Brian Kostek for a panel discussion with industry practitioners Abel Clark (TruSight), Amy Hellen (TD Bank), Mazahir Kothari (JPMorgan Chase) and Sriram Padmanabham (Citigroup) on Creating Business Value Through Effective Third-Party Management Auditing and discuss how financial services organizations and audit teams can support the value creation process throughout the third-party risk management life-cycle with innovation and technology supported auditing techniques.


Register Now


Microsite Download View: 

SEC Updates Disclosure Requirements: A blog written by Charles Soranno, Managing Director Internal Audit and Financial Advisory