Risk Assessments

Crypto-Asset Safekeeping by Banking Organizations: Regulatory Guidance and Risk Assessments

An overview of Crypto-Asset Safekeeping regulatory landscape, risk management expectations, and practical considerations for cybersecurity and IT professionals at financial institutions.
Quick Links:
No items found.
No items found.

As digital assets become increasingly integrated into the financial sector, banking organizations are under growing pressure to provide secure, compliant safekeeping solutions for crypto-assets. The Office of the Comptroller of the Currency (OCC), Federal Reserve Board, and Federal Deposit Insurance Corporation (FDIC) have issued a joint statement clarifying how existing laws, regulations, and risk management principles apply to crypto-asset safekeeping. This article provides a detailed overview of the regulatory landscape, risk management expectations, and practical considerations for cybersecurity and IT professionals at financial institutions.

NETBankAudit experts have over 25 years of experience in cybersecurity and risk management audits. We offer Crypto-Asset Safekeeping Risk Assessments designed to help your organization not just adapt, but lead with confidence in this new frontier. If you have any questions after reading this guide, please reach out to our team.

Defining Crypto-Asset Safekeeping: Scope and Regulatory Context

Term Definition
Crypto-Asset Safekeeping Holding digital assets on behalf of customers, distinct from broader custody services
Fiduciary Safekeeping Safekeeping provided under fiduciary authority, subject to 12 CFR 9 or 150 and applicable state law
Non-Fiduciary Safekeeping Safekeeping provided by contract, aligned with a bank’s controls and risk standards
Cold Wallet Offline key storage with reduced exposure to cyber threats
Hot Wallet Online key storage enabling faster movement but with higher exposure risk

What Constitutes Crypto-Asset Safekeeping?

Crypto-asset safekeeping is the service of holding digital assets on behalf of customers. This is distinct from broader custody services, which may include a range of activities such as settlement, reporting, and asset servicing. Safekeeping can be provided in either a fiduciary or non-fiduciary capacity, each with its own regulatory requirements and risk profiles.1

Regulatory Applicability and Oversight

Banking organizations subject to OCC, Federal Reserve, and FDIC oversight must comply with federal and state laws, including 12 CFR 9 or 150 for fiduciary activities. The agencies’ statement does not introduce new supervisory expectations but clarifies how existing frameworks apply to crypto-asset safekeeping. Fiduciary safekeeping requires adherence to heightened standards and compliance with specific regulations and state laws, while non-fiduciary safekeeping is governed by client contracts and must still meet baseline regulatory and risk management standards.1

  • Fiduciary safekeeping involves acting as a trustee, executor, administrator, or investment advisor, with authority to manage assets as permitted by law and the governing instrument.
  • Non-fiduciary safekeeping is established by client contract and must be consistent with the institution’s control environment and risk management practices.

Risk Management Fundamentals for Crypto-Asset Safekeeping

Risk Assessment and Governance

Before offering crypto-asset safekeeping, banking organizations must conduct a thorough risk assessment. This assessment should consider the institution’s core financial risks, the complexity of the asset class, the strength of the control environment, and contingency planning for unexpected challenges. The evolving nature of the crypto-asset market and underlying technologies requires a dynamic risk governance framework that adapts to new threats and opportunities.

  • Boards, officers, and employees must possess sufficient knowledge and understanding of crypto-asset safekeeping to establish operational capacity and appropriate controls.
  • Significant resources may be needed to develop or procure new technology, establish a robust control environment, and ensure staff have appropriate technical expertise.
  • Price volatility and rapid technological evolution can impact both the demand for safekeeping services and the value of assets held.
Cryptographic Key Management: Tips on How to Prevent Loss
Cryptographic Key Management: How to Prevent Loss

Cryptographic Key Management: The Core Security Challenge

The primary risk in crypto-asset safekeeping is the compromise or loss of cryptographic keys, which could result in asset loss or unauthorized transfers. Effective key management is essential to maintaining control and meeting the standard of care required by law. Control is established when the institution can demonstrate that no other party, including the customer, has access to information sufficient to unilaterally transfer the asset.

Key Management Best Practices

  • Initial control typically requires transferring the asset to the institution’s address on the distributed ledger, not just taking possession of existing keys.
  • Key management systems must be regularly evaluated and updated to address technological developments and emerging threats.
  • Contingency planning for lost or compromised keys is critical, as is the secure generation and storage of keys and backup materials.
  • Wallets used for key storage exist on a spectrum from “cold” (offline) to “hot” (online), with varying security implications. Not all wallets are compatible with all crypto-assets.

Cybersecurity Environment: A Critical Focus

Given the virtual nature of crypto-assets, the cybersecurity environment is a key focus of risk management. Institutions must ensure that their cybersecurity controls are robust and aligned with industry standards such as the NIST Cybersecurity Framework. The OCC’s Cybersecurity Supervision Work Program provides additional considerations for aligning with supervisory guidance.

Additional Risk Management Considerations

Asset Selection and Technical Due Diligence

Not all crypto-assets are created equal. Different assets may require different key management solutions and may present unique technical, operational, and legal risks. Institutions should perform a detailed analysis of each asset before accepting it for safekeeping, including identifying vulnerabilities and dependencies that could impact safety and soundness.

  • Analyze technical, operational, strategic, market, legal, and compliance considerations for each asset and its underlying ledger.
  • Stay informed about material developments related to supported assets and their ledgers.
  • Perform a comprehensive analysis of each crypto-asset before safekeeping, including identifying vulnerabilities and dependencies that could create material risks.

Control Environment and Account Models

Maintaining an effective control environment is essential. This includes regular independent assurance by individuals with the necessary expertise. The choice between omnibus and separate account models also introduces different risk profiles. Omnibus accounts may offer efficiency but can create larger targets for theft, while separate account models require managing more key pairs but may enhance security and segregation of assets.

  • Standard custodial risk management principles apply to the storage of cryptographic keys and sensitive information, but may need to be tailored to the specific services provided.
  • Carefully consider the potential risks associated with different types of account models for safekeeping crypto-assets.

THE GOLD STANDARD IN
Cybersecurity and Regulatory Compliance

Request For ProposalAsk a Question

Legal and Compliance Risk: Navigating the Regulatory Landscape

Legal and Compliance Risk of Crypto Safekeeping

BSA/AML, CFT, and OFAC Compliance

Crypto-asset safekeeping is subject to Bank Secrecy Act (BSA), anti-money laundering (AML), countering the financing of terrorism (CFT), and Office of Foreign Assets Control (OFAC) requirements. These laws require customer identity verification, due diligence, ongoing monitoring, and transaction blocking in accordance with sanctions. Distributed ledger technology may complicate compliance, especially when identifying information is not readily available.

Compliance Challenges and Best Practices

  • Involve the BSA officer, board, and senior management in assessing money laundering and illicit finance risks before offering services.
  • Draft clear customer agreements outlining duties, responsibilities, and specifics such as on-chain governance, forks, airdrops, and storage methods.
  • Provide transparent, accurate, and timely information to customers about the institution’s role and responsibilities.
  • Follow all applicable recordkeeping and reporting requirements, including those related to the “Travel Rule” and evolving tax laws that may affect customer obligations.

Customer Communication and Disclosure

Crypto-asset safekeeping activities present a risk that the customer could be misinformed of the banking organization’s role in the arrangement. Banking organizations may be able to mitigate this risk by providing clear, accurate, and timely information to customers about their crypto-asset safekeeping activities, including the banking organization’s role in any governance or other voting matter related to the crypto-asset.

Third-Party Risk Management: Sub-Custodians and Technology Providers

Engaging Sub-Custodians

Some institutions may contract with third-party sub-custodians or technology providers to deliver safekeeping services. The banking organization remains responsible for the activities performed by these third parties and must ensure robust risk management practices are in place. Conduct thorough due diligence on sub-custodians, evaluating their key management solutions, internal controls, and adherence to standard practices.

  • Analyze the treatment of customer assets in the event of sub-custodian insolvency or operational disruption.
  • Ensure contracts specify notification requirements for material events, such as key compromise or transaction errors.
  • Segregate customer assets from those of the sub-custodian to avoid commingling and potential loss in bankruptcy scenarios.
  • Evaluate the appropriateness of the sub-custodian’s risk management and recordkeeping practices.

Third-Party Technology Risk

Even when providing safekeeping directly, institutions may rely on third-party software or hardware. Effective risk management includes weighing the risks of purchasing versus maintaining technology as a service and ensuring ongoing oversight. Evaluate the effectiveness of third-party technology solutions and ensure they align with the institution’s control environment and risk management objectives.

NETBankAudit’s Crypto-Asset Safekeeping Risk Assessment: Your Strategic Advantage

Why a Specialized Risk Assessment is Crucial Now

Providing crypto-asset safekeeping services opens up new opportunities, but also exposes your institution to significant risks. Without a clear understanding of these risks, your organization could face financial losses, legal trouble, reputation damage, and operational headaches. NETBankAudit’s Crypto-Asset Safekeeping Risk Assessment is designed to help you identify and address these risks before they become costly problems.

  • Financial Losses: Due to theft, technical failures, or losing control of digital keys.
  • Legal Trouble: Not following the latest laws and rules for digital money.
  • Reputation Damage: If customer assets are lost or systems are breached.
  • Operational Headaches: Struggling with new technologies and complex processes.

Our Unique Approach: What We Cover

NETBankAudit’s assessment examines every angle of crypto-asset safekeeping, providing a clear picture of your organization's strengths and weaknesses:

  • Strategic & Business Risks: Do you fully understand the digital asset landscape? Do you have the right people and tools? Are you ready for fast changes in prices and technology?
  • Operational Risks: How safe are your cryptographic keys? Are your systems and controls robust? Is your cybersecurity ready for digital threats?
  • Compliance & Legal Risks: Are you following all laws to prevent misuse of digital assets? Are your customer agreements and records strong?
  • Third-Party Risks: Are your sub-custodians and technology partners safe and reliable? Do you check them carefully?
  • Audit & Oversight Risks: Do you have strong ways to check your own digital asset safekeeping? Do your auditors know enough about digital money?

Benefits for Your Executive Team

Our Crypto-Asset Safekeeping Risk Assessment empowers your leadership by:

  • Clarity: Providing a simple, clear understanding of complex risks.
  • Confidence: Helping you make informed decisions about offering digital asset services.
  • Protection: Identifying weaknesses before they are exploited.
  • Compliance: Ensuring you meet regulatory expectations and build a strong, compliant program.
  • Competitive Edge: Positioning your organization as a secure and reliable partner in the digital economy.

Why NETBankAudit is the Trusted Partner for Crypto-Asset Safekeeping Audits

As regulatory expectations and technological complexities continue to evolve, financial institutions need a trusted partner to navigate the challenges of cybersecurity, including crypto-asset safekeeping. NETBankAudit offers specialized audit and compliance services tailored to the unique needs of banking organizations engaging in digital asset safekeeping. Our team brings over 25 years of experience in IT, cybersecurity, and regulatory compliance, ensuring your institution meets all applicable requirements while maintaining a strong control environment.

Contact NETBankAudit today to learn how our audit and risk assessment services can help your institution manage risk, enhance compliance, and build trust with your customers.

References

Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, & Office of the Comptroller of the Currency. (2023). Interagency statement on crypto-asset safekeeping by banking organizations. https://www.fdic.gov/interagency-statement-crypto-asset-safekeeping.pdf

 
class SampleComponent extends React.Component { 
  // using the experimental public class field syntax below. We can also attach  
  // the contextType to the current class 
  static contextType = ColorContext; 
  render() { 
    return <Button color={this.color} /> 
  } 
}
Table of Contents
This is also a heading
This is also a heading
This is a heading

Mitigate Risks with Comprehensive Audits & Assessments

Request For Proposal
NEWS & ARTICLES

Explore Our Learning Center

View All Articles
Risk Assessments
Crypto-Asset Safekeeping by Banking Organizations: Regulatory Guidance and Risk Assessments
An overview of Crypto-Asset Safekeeping regulatory landscape, risk management expectations, and practical considerations for cybersecurity and IT professionals at financial institutions.
Read more
Cybersecurity
NVD and CVE: The Backbone of Vulnerability Management in Financial Institutions
Background and recent news on the CVE and NVD and how financial institutions can increase vulnerability management to protect against cybercrime.
Read more
Compliance
The Gramm-Leach-Bliley Act (GLBA): Compliance Guide for Financial Institutions
While the GLBA fostered competition and innovation, it also introduced a robust framework for consumer privacy and data security. For compliance professionals, understanding GLBA’s structure, requirements, and enforcement mechanisms is essential to safeguarding both institutional integrity and consumer trust.
Read more
Compliance
The Truth in Lending Act (TILA): 2025 Compliance Guide for Financial Institutions
Since its enactment in 1968, TILA has evolved to address new risks, market practices, and regulatory priorities. Recent regulatory changes, especially those effective in 2024 and 2025, require compliance professionals to update their programs and stay vigilant for further developments.
Read more
Compliance
Community Reinvestment Act (CRA) Compliance Guide: Current Rules, Examination Procedures, and Rescinded 2023 Changes
This guide provides a detailed overview of the CRA, the 2023 proposed modernization and its subsequent rescission, and a thorough breakdown of examination procedures for large institutions, intermediate small banks, and small banks.
Read more
Industry News
Ransomware Response for Banks: Key Audit Decisions, Compliance Triggers & Regulatory Risks
Prepare for and respond to ransomware attacks with guidance on audit considerations, incident response planning, regulatory notification requirements, cyber insurance pitfalls, and emerging threat trends facing financial institutions.
Read more
Industry News
Reexamining Regulator Cybersecurity: Data Risks and Oversight Gaps in the Financial System
Recent cyber breaches at the OCC and U.S. Treasury have exposed gaps in federal data handling practices. This article from NETBankAudit explores the risks centralized supervisory data poses to financial institutions, highlights oversight inconsistencies, and outlines key audit actions to mitigate exposure.
Read more
Industry News
OCC Rejects Call to Rescind Preemption Rule: What It Means for the Dual Banking System
Understand the OCC’s reaffirmation of federal preemption and its impact on the dual banking system, including legal context, industry response, and audit implications for financial institutions navigating federal and state oversight.
Read more
Industry News
Insights From BSA Coalition’s AI and Fraud Webinar
Explore key takeaways from the BSA Coalition’s AI and Fraud webinar, including deepfake risks, synthetic ID fraud, governance gaps, and practical strategies for financial institutions to stay secure and compliant.
Read more
Industry News
NETBankAudit Announces Elaine Rudolph-Carter as Regulatory Oversight and BSA Specialist
NETBankAudit welcomes Elaine Rudolph-Carter as Regulatory Oversight and BSA Specialist. With decades of experience at the Federal Reserve and as a BSA Coalition co-founder, Elaine enhances our compliance and audit expertise.
Read more
Cybersecurity
Social Engineering Testing: Safeguarding Financial Institutions from Human-Centric Cyber Threats
Discover how financial institutions can protect against social engineering attacks through phishing, vishing, pretexting, and more. Learn the value of internal and third-party testing to strengthen employee awareness and regulatory compliance.
Read more
Compliance
Flood Disaster Protection Act: Lender Compliance, Insurance Requirements, and Regulatory Oversight
Understand lender obligations under the Flood Disaster Protection Act, including flood insurance purchase requirements, force placement, escrow management, and private policy acceptance. Essential guidance for financial institutions.
Read more
Compliance
Regulation B – Equal Credit Opportunity Act: Practical Guide for Fair Lending Compliance
Explore key requirements of Regulation B and the Equal Credit Opportunity Act, including fair lending rules, prohibited practices, application standards, and recent enforcement actions. Essential for compliance professionals in financial services.
Read more
Compliance
Right to Financial Privacy Act: Safeguarding Customer Financial Records from Unwarranted Government Access
Learn how the Right to Financial Privacy Act (RFPA) protects customer financial records from unwarranted government access. This guide explains RFPA procedures, exceptions, enforcement actions, and how financial institutions can stay compliant.
Read more
Risk Assessments
Independent Network Testing Requirements And Recommendations
Explore essential network testing protocols and best practices to ensure optimal performance, reliability, and compliance in modern IT infrastructures.
Read more
Cybersecurity
Assessing It Department Performance And Staffing
Learn how to evaluate IT department efficiency and staffing needs using key performance indicators and strategic assessment methodologies.
Read more
Cybersecurity
Artificial Intelligence: Opportunities And Threats for Financial Institutions
Understand the risks and benefits of AI in financial institutions, with actionable strategies to ensure ethical use, regulatory compliance, and resilience.
Read more
Compliance
Regulatory Landscape Shift: What is the Status of CFPB and Other Regulatory Agencies?
Stay ahead of U.S. regulatory changes impacting financial institutions, including CFPB restructuring, OCC priorities, and Basel III Endgame considerations.
Read more
Cybersecurity
Vulnerability & Patch Management in Financial Institutions
Discover a compliance-first approach to vulnerability and patch management, minimizing security risks within financial organizations.
Read more
Compliance
Understanding Customer Identification Program (CIP) Requirements
Gain insights into CIP mandates for financial institutions, ensuring compliance with KYC regulations and enhancing customer verification processes.
Read more
Cybersecurity
Ransomware in 2025: A Persistent Threat in a Shifting Landscape
Analyze the diminishing influence of ransomware groups and understand the factors contributing to their reduced impact in the cybersecurity landscape.
Read more
Cybersecurity
Generative AI Controls and Risk Assessments for Financial Institutions 
Uncover potential risks of generative AI, including ethical, legal, and operational challenges, and learn strategies to mitigate them effectively.
Read more
Risk Assessments
Enhanced Due Diligence: A Practical Guide for Compliance Officers in Financial Institutions
Explore how Enhanced Due Diligence protects financial institutions from high-risk clients by meeting FATF, FinCEN, and FFIEC compliance expectations.
Read more
Risk Assessments
The CRI Cyber Profile: A Guide for Financial Institutions
Learn how the CRI Cyber Profile helps financial institutions meet FFIEC standards through scalable risk assessments and enhanced regulatory alignment.
Read more
Compliance
Protecting Elderly Customers: NETBankAudit's Elder Fraud (EFE) Audit Services
NETBankAudit offers specialized Elder Fraud Audit Services designed to help financial institutions detect, prevent, and respond effectively to EFE, ensuring compliance with regulatory standards and reinforcing trust with their customers.
Read more
Compliance
Key Findings from NETBankAudit’s 2024 BSA/AML Audits and MIS Verification Audits
View results of over 30 Bank Secrecy Act (BSA) Compliance Audits across community banks, credit unions, and other financial institutions in 2024.
Read more
Compliance
Guide to Currency Transaction Reports (CTRs): Strategies and Best Practices
Currency Transaction Reports (CTRs) serve as critical tools in the fight against money laundering, terrorist financing, and other financial crimes.
Read more
Compliance
Enhancing Transaction Monitoring and Suspicious Activity Reporting: Strategies for Effective Compliance
Learn about Transaction Monitoring and Suspicious Activity Reporting best practices for Financial Institutions.
Read more
Compliance
Risk Assessment Best Practices for BSA/AML/CFT and OFAC Compliance
Fortify your institution’s BSA AML risk assessment processes by weaving together best practices, real-world examples, and authoritative guidance from global regulatory entities.
Read more
Compliance
Emerging Threats to BSA/AML/CFT and OFAC Compliance: Navigating AI, Cryptocurrency, and Machine Learning Risks
Understand the impact of emerging technologies such as AI, Machine Learning, Crypto and more on BSA, AML and CFT compliance.
Read more
Industry News
Key Cybersecurity Deadlines and New DFS Requirements Coming in 2025
Updates on The New York Department of Financial Services (DFS) new requirements under its amended Cybersecurity Regulation (23 NYCRR Part 500).
Read more
Industry News
FFIEC CAT Sunset Prep: A Guide to NIST CSF 2.0, CRI Cyber Profile & CIS Controls
With the Federal Financial Institutions Examination Council (FFIEC) announcing the sunset of the Cybersecurity Assessment Tool (CAT) by August 31, 2025, financial institutions must pivot to new resources to manage cybersecurity risks effectively.
Read more
Compliance
FCA Final Rule on Cyber Risk Management: The 2025 Guide for Financial Institutions
The Farm Credit Administration (FCA) has issued a groundbreaking final rule on Cyber Risk Management, reshaping how institutions within the Farm Credit System (FCS) address cybersecurity.
Read more
Cybersecurity
Farm Credit Administration Guidance on Navigating AI and Emerging Cybersecurity Risks
Discover how the Farm Credit Administration's guidance helps financial institutions navigate AI integration and emerging cybersecurity risks. Learn key strategies for compliance and effective risk management.
Read more
Industry News
2024 Annual Audit and Exam Issues: Insights from NETBankAudit
A 2024 survey of examination and audit issues collected from over 250 audit engagements to assist our clients in identifying commonly reported examination and audit issues.
Read more
Compliance
Understanding Placement, Layering, and Integration: The Core Stages of Money Laundering
This guide delves into each stage of money laundering—Placement, Layering, and Integration— highlighting common methods, red flags, and the challenges inherent in detection.
Read more
Compliance
Structuring and Smurfing Explained: Strengthening AML Compliance
This guide delves into the definitions, methods, legal implications, real-world examples, and best practices associated with structuring and smurfing, providing actionable insights to bolster compliance programs.
Read more
Compliance
Circular Transactions & Funnel Accounts: Unveiling Money Laundering Tactics
This guide delves into the methodologies of circular transactions and funnel accounts, highlights red flags for their identification, and provides actionable best practices for robust compliance.
Read more
Compliance
Navigating BSA, AML, CFT and OFAC: An Overview of Finance Regulations
This guide provides an overview of the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) protocols, and Office of Foreign Assets Control (OFAC) regulations.
Read more
Cybersecurity
Elder Financial Exploitation and Fraud: What You Need to Know
This article delves into the scope, trends, and impacts of elder fraud, highlighting red flags and strategies to protect one of society’s most vulnerable groups.
Read more
Risk Assessments
Understanding Gift Card Scams: Regulations, Risks, and Tips for Safe Usage
Learn about gift card scams including essential regulations, common risks, and actionable tips to ensure you can use gift cards wisely and securely.
Read more
Risk Assessments
FFIEC Development, Acquisition, and Maintenance (DA&M) Booklet: What You Need to Know
Understand the FFIEC's Development, Acquisition, and Maintenance (DA&M) Booklet including key updates and their implications on financial entities.
Read more
Cybersecurity
Phishing in Financial Services: Protecting Your Institution Against Cyber Threats
Phishing Attacks on financial institutions are increasing in frequency and complexity. We explain the tactics, regulations and strategies to protect your institution from cyber threats.
Read more
Cybersecurity
Penetration Testing Methodology and Procedures for Financial Institutions
Learn the process, methodologies, tools, and best practices for conducting effective penetration tests in financial institutions.
Read more
Cybersecurity
IT Governance: Aligning Technology with Business Strategy for Optimal Performance
Explore how financial institutions can implement effective IT governance frameworks to align their technology initiatives with business objectives, manage risks, and ensure regulatory compliance.
Read more
Cybersecurity
Common Cybersecurity Attacks and Penetration Testing Solutions For Financial Institutions
Understand common cybersecurity attacks and penetration testing solutions to mitigate risk in an increasingly sophisticated environment.
Read more
Industry News
Bank-Fintech Partnerships: Analysis of the Federal Reserve Board's 2024 Guidance
Analysis of bank-fintech partnerships, risks, and regulatory programs with a focus on the Federal Reserve Board's 2024 guidance.
Read more
Industry News
Risks and Strategies for AI Cybersecurity Risks: Key Takeaways from NY DFS Letter
Learn key AI cybersecurity risks and controls from the October 2024 letter from New York Department of Financial Services
Read more
Cybersecurity
IT Risk Management Solutions for Financial Services: Safeguarding Your Digital Assets
This article explores key IT risk management solutions for the financial sector, offering practical insights to help institutions protect their digital assets and maintain regulatory compliance.
Read more
Cybersecurity
IT Business Continuity Plans for Financial Institutions
This article explores the essential components of IT business continuity planning, emphasizing the unique needs of financial institutions drawing from FFIEC guidance.
Read more
Cybersecurity
IT Change Management for Financial Services
This guide covers IT change management for financial services, providing insights, best practices, and strategies for successfully navigating the complexities of managing IT changes.
Read more
Cybersecurity
Data Assurance in Financial Services: Ensuring Integrity of Financial Information
This guide delves into the critical aspects of data assurance in financial services, offering insights, best practices, and forward-looking perspectives to help you navigate this complex field.
Read more
Cybersecurity
IT Crisis Management Guide for Financial Services: Protecting Your Institution
This guide explores the critical aspects of IT crisis management in financial services, offering insights and strategies to help financial institutions navigate through disasters.
Read more
Industry News
2023 Annual Audit and Exam Issues: Insights from NETBankAudit
Read NETBankAudit's insights from the 2023 audit season, based on over 250 audit and over 750 technical testing engagements with financial institutions.
Read more
Compliance
Customer Due Diligence (CDD) Guide for Financial Institutions
Learn best practices for of Customer Due Diligence (CDD) for financial institutions, designed to prevent money laundering, terrorist financing, and other financial crimes.
Read more
Risk Assessments
Ransomware Assessment Facilitation for Financial Institutions
Get an in-depth look at ransomware assessment facilitation, focusing on the tools and strategies available to financial institutions to protect themselves against this pervasive threat.
Read more
Risk Assessments
URSIT Analysis – A Six Part Whitepaper Series
Learn about the the Uniform Rating System for Information Technology (URSIT) and the importance for financial services risk management.
Read more
Compliance
CECL Model and Validation: Ensuring Compliance with Regulatory Requirements
Learn about the Current Expected Credit Loss (CECL) model, introduced by the Financial Accounting Standards Board (FASB) with best practices for model validation.
Read more
Cybersecurity
IT Network Security Management: Protecting Your Digital Assets
Explore the key components of IT network security management, best practices for implementation, and emerging trends that are shaping the future of cybersecurity.
Read more
Cybersecurity
IT Security Incident Reporting: A Guide for Financial Institutions
Explore the critical aspects of IT security incident reporting, tailored specifically for smaller financial institutions.
Read more
Cybersecurity
Guide to Cybersecurity Assessments for Financial Institutions
A guide to cybersecurity assessments for financial institutions including guidance for the discontinuation of the CAT in 2025 and the shift to NIST 2.0 and CISA CPGs.
Read more
NETBankAudit Logo PNG
2024 NETBankAudit. All Rights Reserved.
Privacy PolicyTerms of Service
Ask a Question
Thank you! We will email you the answer to your question shortly!
Oops! Something went wrong while submitting the form.
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept