BANK / CREDIT UNION ROAD

Level 1

Level 2

Level 3

Level 4

Level 5

100

What is the name of the regulator that performs audits (which are called EXAMS) on Banks.

Federal Deposit Insurance Corporation

100

What is the formal name of the Exam for Credit Unions?

NCUA Risk‑Focused Examination

100

This document is the Primary Source of Cyber and IT Risk Examination Standards for Banks

FFIEC IT HANDBOOK

100

Does the VP of IT, CTO, CIO, CISO know about every MRA / DOR on every single bank or credit union exam?

Yes - they are required to know about all of them, and often sign off on due dates / review resolutions.

100

Do Exams happen in person or virtually?

Both, but almost never 100% virtual. Usually hybrid?

100

What is the name of the regulator that performs audits on credit unions?

National Credit Union Administration

100

Regulator Portal for Document Submission & Exam Interaction thanks banks or credit unions log into for Banks

FDICconnect

100

This document is the Primary Source of Cyber and IT Risk Examination Standards for Credit Unions

FFIEC IT HANDBOOK

100

Does the Board of Directors know of every single MRA / DOR on an exam ?

Highly likely, maybe not all MRAs, but anything mission critical and final results, exam scores, are included in board meetings.

100

Where can you find this information?

IN the visualizer on the FY26 Bank Sheet.

100

When a bank has a regulator come in for their annual Exam they call it their annual "XYZ EXAM"

BANK exam
FDCI Exam

100

Regulator Portal for Document Submission & Exam Interaction for Credit Unions

MERIT Software

100

When an examiner finds a RED FLAG on an issue for a BANK they call it a .............

MRA = Matters Requiring Attention

100

What is a 30-60-90 day IT fire Drill that the Opentext Cyber Team talks about so much?

Its when a bank or a credit union has an issue on an exam that creates a MRA, or DOR, and the examiner assigns a due date for them to go fix it or be penalized.

100

What is the final naming system for when EXAMS are over?

CAMELS - ( Capital, Asset quality, Management, Earnings, Liquidity, Sensitivity to market risk)

100

When a Credit Unions has a regulator come in for their annual Exam they call it their annual "XYZ EXAM"

NCUA Exam

100

When an examiner comes into your office at a Bank with his checklist to go over for the exam his checklist is called what?

InTrex Guidelines

100

When an examiner finds a RED FLAG on an issue for a BANK but they want the board of directors to specifically fix it because its very intense they call it a.....

MRBA = Matters requiring board attention

100

Who gets MRAs, and who gets DORS?

Plus what are they?

Plus what do they stand for?

Banks get MRAs, and Credit Unions Get Dors.

Matters requiring attention, and documents of resolution.

100

What is the grading Scale for CAMELS?

1-5 with 1 being the best.

1-2 considered good.
3-5 considered bad.

100

What is the formal name of the Exam for banks?

FDIC Safety and Soundness Examination

100

When an examiner comes into your office at a Credit Union with his checklist to go over for the exam his checklist is called what?

NCUA Examiners guide

100

When an examiner finds a RED FLAG on an issue for a Credit Union they call it a .............

Document of Resolution

100

How Frequent are Bank / Credit Union Exams

Every 12 months......

18 months if HIGH EXAM scores and under 1B in assets (which is about 50-200 employees)

100

What happens if you have a bad camels score?

examinations.

Corrective Actions: Enforcement orders (e.g., MRBA, consent orders).

Growth Limitations: Restrictions on expansion, new branches, or acquisitions.

Higher Operating Costs: Increased expenses for compliance and oversight.

Difficulty Raising Capital: Investors and lenders may be less willing to provide funds.

Reputational Damage: Loss of customer trust and business.

Higher Deposit Insurance Premiums: Increased costs from the FDIC.

M&A Obstacles: Challenges in mergers and acquisitions.