DiCom Logo Blue Web Background
DiCom Software Newsletter
July, 2015  

CQS 9.2 
CQS 9.2 is available and ready for client download from DiCom's secure FTP site. The release includes improved comment text box functionality, the ability to use the Report Designer for Monitor and Problem Loan reporting, and several other UI improvements.  If you are a current client and are interested in this release, please contact our technical services team as soon as possible to begin your upgrade. 

CQS 9.5 
CQS 9.5 is currently being developed for release later this year.  User group meetings are taking place to gather input on the functionality in this release.  If you wish to take part in these user group meetings, please contact our Product Manager here

Learn More and 


Welcome to the twelfth edition of DiCom's e-newsletter!  We use this tool to keep you informed of the latest credit risk and loan review industry updates.  This month we focus on the concerns related to cybersecurity and what expectations the regulators have published that banks can look to for guidance.

As always, your input on topics for future newsletters, as well as suggestions for enhancements to our suite of credit risk management software solutions is heartily encouraged!

The Latest Hot Topic...


Cybersecurity is not a new subject to the financial industry.  The concerns related to security of data, breaches of security that have been publicized and expensive for many corporations, and the impact it has had on many individuals make this an issue that is real, personally and professionally for everyone.


The emphasis in the financial sector has increased dramatically in the past year, and seems to have reached a crescendo in the past month.  On June 30th, which now seems fortuitous in an unfortunate way, the FFIEC released its Cybersecurity Assessment Tool.1  The timing coincided with the OCC release of its Semiannual Risk Perspective.  While the FFIEC publication was solely focused on Cybersecurity, even the OCC noted in its single page on operational risk that they considered operational risk level elevated, due to "greater interconnectedness and interdependencies, increased sophistication of cyber threats, and pervasive technology vulnerabilities."2  The GAO also weighed in on the subject on July 2nd, publishing a report on cybersecurity at banks and other depository institutions, indicating that most regulators lacked information that would enable them to better assess information security during their reviews.  According to this GAO report, the regulators had already begun to take steps to educate their staffs on current information technology issues.3

As if on cue, July 8th saw a trio of high profile outages which led many to question if there was a broad scale cyber-attack in action.  The NYSE saw trading shut down for three hours in what they subsequently reported as a 'technical issue' related to a failed upgrade.  United Airlines had all flights grounded for two hours that morning due to a 'network connectivity issue' which impacted its passenger reservation system.  The Wall Street Journal lost its' cyber connection to readers when its' homepage went down for a period of time that day.  Reporters quickly took the question to the White House, with the press secretary addressing this topic in between questions about Greece and Bill Cosby's Medal of Freedom.  At this point the Department of Homeland Security continues to indicate 'no signs of malicious activity' and so the conclusion would be that these types of outages actually will happen more regularly if the standards for security systems are not improved.


Other organizations have been focusing on cyber security as well.  In February, FINRA published a report on Cybersecurity Practices, and the report included results of a survey they conducted regarding the top cyber risks financial services organizations were facing.  Not surprisingly, the top concern was hackers penetrating systems.4  The New York State Department of Financial Services published a report last year that referred to a 2013 survey they conducted of 154 institutions on cyber security.  In it they identify five key pillars of an effective Information Security Framework.5 They are:

  1. A written information security policy
  2. Security awareness education and employee training
  3. Risk management of cyber-risk, inclusive of identification of key risks and trends
  4. Information security audits
  5. Incident monitoring and reporting

What the FFIEC document provides is a tool for banks to incorporate all the best practices, as well as the regulatory guidance, to appropriately address the cyber-risk concern for their institution.  They have presented their assessment tool in two parts.  One section addresses the risk profile of the institution, and one addresses the maturity of the institutions' current controls and processes.  Steps are laid out for bank management to follow to enhance their oversight of the risk that exists relative to cybersecurity for their institution.  Responsibilities of the CEO and the board of directors are listed in conjunction with the conclusions management will present based on their efforts. 


Having been given these clearly identified instructions on what regulators expect, it is imperative that institutions of all sizes incorporate these elements into their risk management plans and risk appetites.  Devoting resources to not only the avoidance of DDoS/Denial of Service events, but actual data breaches is of course imperative.  Doing this in a structured and thorough way, based on proven industry standards, will be expected going forward.  Risk management staff should consider this FFIEC framework for any program they expect to present successfully to their regulators, and build on this foundation as they work to prevent a cyber-event at their institution.



http://www.occ.gov/publications/publications-by-type/other-publications-reports/semiannual-risk-perspective/semiannual-risk-perspective-spring-2015.pdf, page 34



Coming up in August DiCom will host a webinar, How Strong is Your Third Line of Defense?, on August 25th and 27th. To register for that webinar click here.

If you have questions about any of the information in this newsletter or about DiCom's suite of Credit Risk Management products, please do not hesitate to contact us at 407-246-8060.
View our profile on LinkedIn          DiCom Software, 1800 Pembrook Drive, Suite 450, Orlando, FL 32810  (407) 246-8060