Services

FFIEC

NDB's experienced FFIEC compliance auditors and consultants can assist with all of your FFIEC needs, from implementing the I.T. and operational controls the examination guidance calls for, to developing documented FFIEC policies and procedures, and more.  The Federal Financial Institutions Examination Council (FFIEC) was established in 1979 and is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB).

Moreover, FFIEC makes recommendations to promote uniformity in the supervision of financial institutions and is responsible for developing uniform reporting systems for federally supervised financial institutions, their holding companies, and, where applicable, their affiliated subsidiaries.

FFIEC Infobase Resources
FFIEC has what is known as "InfoBase" (http://ithandbook.ffiec.gov/), a set of resources that provide information related to the following subject matter:

• I.T. Booklets
• Resources
• Referenced Materials
• Presentations
• Glossary

Not only is the InfoBase portal a great way to learn more about the FFIEC, it is also used by many organizations (especially the I.T. Booklets) to stay on top of the many federally mandated compliance requirements for financial institutions.  Though a fair number of the I.T. Booklets were published some years ago, they remain the guidance that examiners apply and are still considered a vital, "must have" resource for many entities; as such, NDB provides a wide range of FFIEC services, including implementation of the procedures called for within the I.T. Booklets themselves.

As for the I.T. Booklets, they can be found at http://ithandbook.ffiec.gov/it-booklets.aspx, and consist of the following areas:

• Audit
• Business Continuity Planning
• Development and Acquisition
• E-Banking
• Information Security
• Management
• Operations
• Outsourcing Technology Services
• Retail Payment Systems
• Supervision of Technology Service Providers
• Wholesale Payment Systems

NDB | Your FFIEC Compliance Auditors and Compliance Consultants
Contact Charles Denyer at 1-800-277-5415, ext. 705, or by email, regarding NDB's highly specialized FFIEC auditing and consulting services from a team of talented, well-skilled compliance auditors and consultants.  NDB has years of experience working with FFIEC guidance and can help implement all required controls in your operational environment, along with developing policy and procedure documentation as needed.

PCI Level 1 PCI Assessments

NDB provides PCI DSS assessments whereby licensed Qualified Security Assessors (QSA) and supporting consultants and auditors perform Level 1 reports for merchants and service providers throughout the United States.  NDB's lead QSA, Charles Denyer, has developed a seven (7) phase PCI DSS roadmap, which consists of the following:

(1). PCI DSS Readiness Assessment and Gap Analysis
(2). Policy & Procedure (P&P) Analysis and Development
(3). Remediation Activities
(4). Vulnerability Scanning Services
(5). Penetration Testing Services
(6). Assessment | On-site Fieldwork
(7). Issuance of “Report on Compliance” (ROC) and any other necessary reporting deliverables.

Experienced and Efficient PCI-QSA Services at Fixed Fees

This process has been used many times for NDB's Level 1 PCI DSS clients, resulting in an efficient and cost-effective assessment each year.  What's more, NDB's customized policy and procedure documents are an important component of this process (Phase 2), since PCI DSS requires organizations to have a substantial body of documented policies and operational procedures in place (Requirement 12, along with the policy and procedure provisions found throughout the standard).  NDB has developed a comprehensive set of easy-to-use, easy-to-implement PCI DSS policy and procedure templates, saving businesses thousands of dollars and hundreds of staff hours.

PCI DSS assessments will only continue to grow and expand across business sectors for any entity that stores, processes, or transmits cardholder data, or whose systems could affect the security of that data.  As such, data centers, managed services providers, Software as a Service (SaaS) organizations, and many others will have to demonstrate compliance with PCI DSS, and for many this means an actual PCI DSS Level 1 assessment by a Payment Card Industry Qualified Security Assessor (PCI QSA).  NDB's lead PCI QSA is Charles Denyer, whom you can contact by email or at 1-800-277-5415, ext. 705, to receive a competitive, fixed-fee proposal for PCI, or if you simply have general questions regarding PCI DSS assessments and compliance.

Comprehensive PCI DSS Services for Merchants and Service Providers

Remember that PCI DSS assessments (particularly Level 1 assessments by a QSA) can require a tremendous amount of time and effort on the part of merchants and service providers.  It is vitally important that you retain an industry veteran who can guide your organization through an actual PCI DSS assessment in an efficient and timely manner.  Trust the experts at NDB for all of your PCI DSS needs, which include the following:

• Readiness Assessments and Gap Analysis services
• Penetration Testing and Vulnerability Scanning
• Policy and Procedure Writing
• PCI DSS Level 1 Assessments
• Self Assessment Questionnaire (SAQ) Consulting Services

The Official PCI DSS Resource Guide

You can also learn more about PCI DSS compliance by visiting the official PCI DSS Resource Guide, developed exclusively by NDB.  Additionally, read the PCI Top 10 list, written by our lead PCI-QSA, Charles Denyer.  Call NDB's lead PCI-QSA, Charles Denyer, at 1-800-277-5415, ext. 705, or contact him directly by email.

SOC 1 (SSAE 16/SSAE 18) Audits

NDB Accountants & Consultants, LLP (NDB) provides SOC 1 (SSAE 16/SSAE 18) Type 1 and Type 2 assessments to businesses throughout the United States at a competitive, fixed-fee rate.  We have been specialists in the regulatory compliance arena for many years, having issued hundreds of former SAS 70 audit reports and current SOC 1 (SSAE 16/SSAE 18) Type 1 and Type 2 reports for a large number of service organizations, ranging from payroll companies to data centers.

Statement on Standards for Attestation Engagements (SSAE) No. 16 became effective for reporting periods ending on or after June 15, 2011, replacing SAS 70 as the standard for reporting on controls at a service organization that are relevant to user entities' internal control over financial reporting; it has since been superseded by SSAE No. 18, which applies to service auditors' reports dated on or after May 1, 2017.  Both fall under the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) framework, and specifically under the SOC 1 reporting option.  Thus, it is common to hear people refer to SSAE 16 (and now SSAE 18) reports simply as "SOC 1" reports.

SOC 1 (SSAE 16/SSAE 18) Reporting

A SOC 1 (SSAE 16/SSAE 18) Type 1 Report is known as a "Report on management's description of a service organization's system and the suitability of the design of controls," which includes the following subject matter:

      • A description of the service organization's "system."
      • A written assertion from management of the service organization that fairly presents the service organization’s system as designed and implemented as of the specified date, and that the controls related to the control objectives stated in the description of the “system” for the service organization were suitably designed to achieve the control objectives as of the specified date.
      • A service auditor’s assurance report.

A SOC 1 (SSAE 16/SSAE 18) Type 2 Report is known as a "Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls," which includes the following subject matter:

      • A description of the service organization's "system."
      • A written assertion from management of the service organization that the description fairly presents the service organization's system as designed and implemented throughout the specified period, and that the controls related to the control objectives stated in the description were suitably designed and operated effectively throughout the specified period to achieve those control objectives.
      • A service auditor's assurance report, which in a Type 2 engagement also includes a description of the service auditor's tests of controls and the results of those tests.

SOC 1 (SSAE 16/SSAE 18) Resource Guide

To learn more about the AICPA Service Organization Control (SOC) reporting framework, which includes SOC 1, SOC 2 and SOC 3 reporting, please visit the official SOC Report Resource Guide, developed by NDB.  Interested parties will find an abundance of information on SOC 1 (SSAE 16/SSAE 18), such as the following (and much more):

  • Why a New Standard?
  • SOC 1 (SSAE 16/SSAE 18) and ICFR
  • SOC 1 vs. SOC 2
  • Description of the System
  • SOC 1 (SSAE 16/SSAE 18) Written Statement of Assertion

NDB can provide your organization with a competitive, fixed fee for your SOC 1 (SSAE 16/SSAE 18) Type 1 and Type 2 reports.  Please contact us today or call Christopher Nickell at 1-800-277-5415, ext. 706, or reach him by email, to discuss your needs.  We're North America's trusted provider of SOC 1 (SSAE 16/SSAE 18) Type 1 and Type 2 audits and assessments at competitively priced fixed fees, along with offering numerous other regulatory compliance services.

SOC 2 Audits

SOC 2 AT 101 Type 1 and Type 2 assessments are provided by NDB Accountants & Consultants, LLP (NDB) at competitive, fixed-fee rates to businesses throughout North America and beyond.  SOC 2 reports, which can be issued as either a Type 1 or a Type 2, are part of the AICPA Service Organization Control (SOC) framework and are conducted in accordance with AT Section 101, the professional standard that provides general guidance on attest engagements performed by practitioners (i.e., certified public accountants).  Organizations that have no clear relationship, or nexus, to their customers' internal control over financial reporting (ICFR) should consider undertaking a SOC 2 assessment, or possibly a SOC 3 assessment, rather than a SOC 1.  SOC 2 reports were designed by the AICPA for the ever-growing number of technology service organizations, such as Software as a Service (SaaS) entities, data centers, and other "cloud computing" environments.  SOC 2 reports rely on the Trust Services Principles (TSP) as the essential framework of the assessment itself; a service organization selects the principles relevant to the commitments it makes to its customers, with Security serving as the baseline in nearly every report.  The Trust Services Principles consist of the following:

      • Security
      • Availability
      • Processing integrity
      • Confidentiality
      • Privacy

SOC 2 AT 101 Reporting

Initially, the SOC 2 reporting option did not generate much interest from service organizations and service auditors alike, but this is quickly changing as interested parties find real value in SOC 2 reports.  Much of this is because a large and growing number of service organizations are technology entities, so the SOC 2 framework is more applicable to their business environment than a financial-reporting-oriented SOC 1.  Some organizations opt for both SOC 1 and SOC 2 reports in order to satisfy their customers' requirements for reporting on internal controls.

SOC 2 Resource Guide

Interested parties can learn much more about SOC 2 reporting from NDB's official SSAE 16 Resource Guide, a site dedicated to all facets of Service Organization Control (SOC) reporting options, which are SOC 1, SOC 2 and SOC 3.  Learn more about notable topics related to SOC 2 reporting, such as the following:

      • SOC 1 vs. SOC 2
      • SOC 2 Reporting Framework
      • SOC 2 Compliance
      • AT Section 101
      • SOC 3

NDB can provide your organization with a competitive, fixed fee for your SOC 2 AT 101 Type 1 or Type 2 assessment.  For more information about SOC 2 reports, please contact us today or call Christopher Nickell at 1-800-277-5415, ext. 706, or reach him by email, to discuss your needs.

SOC 3 Audits

SOC 3 reports are based on the SysTrust | WebTrust assurance and advisory services, more commonly known as the Trust Services.  Within this established SysTrust | WebTrust framework, which was developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), there are five (5) principles:

      • Security
      • Availability
      • Processing Integrity
      • Confidentiality
      • Privacy

SOC 3 Reporting

SOC 3 reports are an important component of reporting on controls at service organizations, with many technology entities now moving forward with SOC 3 compliance.  The five (5) Trust Services Principles (TSP) used for SOC 3 reporting allow service organizations to demonstrate a high degree of confidence to stakeholders regarding the risks inherent in their environments, as well as the controls in place to address those risks.  Unlike a SOC 2 report, whose distribution is restricted to management, user entities and their auditors, a SOC 3 report is a general-use report that carries the auditor's opinion but not the detailed system description, tests, and results; it may therefore be distributed freely or posted publicly, typically alongside the SysTrust or WebTrust seal.  Because of its broad scope (all five TSP can be included) and its applicability to many technology and cloud-computing businesses, SOC 3 will continue to evolve as a viable reporting option when SOC 1 (or even SOC 2) is not a good fit.  Please contact NDB Accountants at 1-800-277-5415, ext. 706, to speak with Christopher G. Nickell, or reach him by email.

WebTrust

Please note that the WebTrust assurance platform is designed for businesses with e-commerce systems, as it allows a licensed practitioner to report on an organization's framework and supporting controls regarding online privacy (i.e., the "Privacy" TSP), consumer protection (closely tied to the "Processing Integrity" TSP), and the other principles within the TSP.  A WebTrust certification (or seal) is thus provided to an organization that successfully meets the WebTrust assurance criteria; interested parties can view the seal and click the AICPA-provided link embedded in it to view the supporting audit report.

SysTrust

SysTrust, on the other hand, is broader-based, providing a platform suitable for reporting on a wide variety of I.T. systems within an organization.  Specifically, SysTrust assurance services are designed to cover the following subject areas:

1. SysTrust Security
2. SysTrust Processing Integrity
3. SysTrust Availability
4. SysTrust Confidentiality
5. SysTrust System Reliability: Combines the SysTrust Security, Processing Integrity and Availability engagements
6. Generic SysTrust Seal: Spans one or more combinations of any SysTrust engagements listed above

Additionally, there seems to be some confusion as to the "seals" that can be obtained for WebTrust and SysTrust, thus consider the following as helpful guidance on this matter:

Engagement Type                  IT Systems    e-commerce Systems
-------------------------------  ------------  ------------------
Security                         SysTrust      WebTrust
Privacy                          -             WebTrust
Processing Integrity             SysTrust      WebTrust
Availability                     SysTrust      WebTrust
Confidentiality                  SysTrust      WebTrust
Certification Authorities        -             WebTrust
Consumer Protection              -             WebTrust
System Reliability               SysTrust      -
Other Engagement Combinations    SysTrust      WebTrust

You can learn more by visiting http://www.webtrust.org/find-a-seal/item64418.aspx.

SOC 3 Resource Guide

NDB has also developed the official SSAE 16 Resource Guide, a site dedicated to all facets of Service Organization Control (SOC) reporting: SOC 1, SOC 2, and SOC 3.  Among the notable SOC 3 topics discussed there are the following:

      • SOC 3 Reports and the Trust Services Principles (TSP)
      • SOC 1, SOC 2 and SOC 3 Overview
      • AT Section 101

To learn more about our services, please contact us today.

PCI Readiness

NDB provides PCI DSS Readiness Assessment and Gap Analysis consulting services for organizations seeking to become compliant with the Payment Card Industry Data Security Standard (PCI DSS).  Whether your organization is looking for assistance with a PCI DSS Self-Assessment Questionnaire (SAQ) or requires an actual Level 1 on-site assessment by a Qualified Security Assessor (PCI-QSA), NDB's highly skilled and competent consultants provide the following pre-assessment services:

• Discussing your overall PCI needs, timeframe for compliance, expectations, etc.
• Properly scoping the cardholder data environment (CDE) to be assessed, as required by the PCI DSS, across all 12 requirements, their sub-requirements, and the all-important Appendix A.  Scope covers every system component that stores, processes, or transmits cardholder data, as well as any system connected to the CDE or able to affect its security, so an incorrectly drawn scope is the most common reason an assessment runs over budget.
• Providing all necessary PCI DSS policy and procedure templates, along with active assistance in customizing and developing said documents.
• Recommending numerous open-source and cost-effective tools for PCI compliance, such as the following:

      • Web Application Firewalls.
      • Two-factor Authentication systems.
      • File Integrity Monitoring (FIM) solutions.
      • Anti-Virus Software.

PCI DSS Readiness Assessment & Gap Analysis Services - It's About Getting you Ready

It is critical that organizations undertake a PCI DSS Readiness Assessment | Gap Analysis engagement to ensure the overall success of the PCI DSS compliance validation process (PCI DSS provides for validation via a Report on Compliance or an SAQ, rather than a "certification" as such).  A poorly planned, under-funded, or incorrectly scoped engagement will lead to delays, operational constraints, and numerous other challenges.  Thus, look upon a PCI DSS Readiness Assessment not merely as an additional cost of the engagement, but as a highly useful, proactive, and necessary process for achieving PCI compliance in an efficient, cost-effective, and timely manner.

Keep in mind that one of the most notable areas for remediation for PCI is that of policies and procedures - or the lack of them - for which merchants, service providers and all other intended parties must develop.  Lead PCI-QSA Charles Denyer of NDB has developed his own set of customized PCI policies and procedures, which are included with any type of PCI engagement that NDB undertakes.

NDB has also developed pciassessment.org, a comprehensive website dedicated to the Payment Card Industry Data Security Standards (PCI DSS) provisions.  You can learn more about NDB's PCI DSS services at the official PCI DSS Resource Guide.  Additionally, you can learn more about the top issues often requiring remediation for organizations undertaking PCI DSS compliance via a three (3) part series written exclusively by NDB's lead PCI-QSA, Charles J. Denyer.

Helpful White Papers

Additionally, Charles has written a comprehensive white paper titled "PCI Remediation Plan | A 12 Step Process That Works," which explains in detail the steps organizations should take not only in remediating for PCI, but in planning for the assessment process itself.  Contact Charles Denyer today by email to learn more about NDB's PCI DSS Readiness Assessments, along with other PCI services provided, such as Level 1 Report on Compliance (ROC) assessments for merchants and service providers.  Charles and his staff at NDB have helped numerous organizations throughout North America become PCI DSS compliant, and can assist your organization as well.

EI3PA

NDB provides Experian Independent Third Party Assessment (EI3PA) certification, audit, and compliance services for organizations involved in the processing, storage, or transmission of credit information obtained from Experian that is deemed sensitive.  Additionally, NDB offers a complimentary EI3PA Policy Packet to every client we work with.  Generally speaking, EI3PA certification is very similar to PCI DSS compliance, with some differences, such as the following: (1) EI3PA is geared towards the protection of Experian-provided data, whereas PCI DSS focuses on cardholder data, and (2) EI3PA approval rests with Experian alone, whereas for PCI DSS the payment brands, the Payment Card Industry Security Standards Council (PCI SSC), acquiring banks, and other interested parties all have a voice regarding compliance.

NDB - North America's Leading Provider of Fixed-Fee EI3PA Assessments

Much like PCI DSS compliance, EI3PA has defined levels, along with requirements for quarterly vulnerability scans.  In fact, you may have often heard that it is really identical to PCI DSS, just replace the requirements of "cardholder data" with that of "Experian-provided data," which is a fairly accurate statement.  As for the process of becoming EI3PA certified, it generally begins with a requirement from Experian themselves (Experian Information Security Department) notifying a reseller or some other intended party that EI3PA certification is being required.  And much like PCI DSS, a QSA can conduct the actual Level 1 assessment.  As for NDB's EI3PA certification, audit, and compliance services, it consists of the following:

• EI3PA Readiness Assessment and Gap Analysis
• Remediation (as necessary from the Gap Analysis findings)
• Scanning and Penetration Testing Services
• Onsite fieldwork along with additional remote-fieldwork activities
• Report preparation, closing meeting, followed by issuance of EI3PA Report on Compliance

EI3PA and PCI DSS Framework

Though Experian does not make the specific guidelines for its Independent Third Party Assessment (EI3PA) certification available to the general public, simply reviewing the PCI DSS standard will give you a thorough understanding of the EI3PA scope.  At a high level, the EI3PA scope closely mirrors the following twelve (12) Requirements within PCI DSS:

Build and Maintain a Secure Network
• Requirement 1: Install and maintain a firewall configuration to protect cardholder data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
• Requirement 3: Protect stored cardholder data
• Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
• Requirement 5: Use and regularly update anti-virus software
• Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
• Requirement 7: Restrict access to cardholder data by business need-to-know
• Requirement 8: Assign a unique ID to each person with computer access
• Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
• Requirement 10: Track and monitor all access to network resources and cardholder data
• Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
• Requirement 12: Maintain a policy that addresses information security

Please visit the PCI Security Standards Council to learn more.  Additionally, please visit NDB's site dedicated specifically to the Payment Card Industry Data Security Standard, at pciassessment.org.  Because of the similarities between PCI DSS and EI3PA, organizations would also benefit greatly from reading PCI-QSA Charles Denyer's comprehensive white paper titled "PCI Remediation Plan | A 12 Step Process That Works," which explains in detail the steps organizations should take not only in remediating for PCI, but in planning for the assessment process itself; the same approach can be applied directly to EI3PA.  Furthermore, contact NDB's lead PCI-QSA, Charles Denyer, at 1-800-277-5415, ext. 705, or reach him directly by email, to learn more about NDB's Experian Independent Third Party Assessment (EI3PA) certification, audit, and compliance services.

HIPAA

NDB provides HIPAA and HITECH compliance auditors and consultants for HIPAA Privacy & Security Rule auditing and consulting services, with a proven and experienced team of healthcare auditors who have years of experience working with HIPAA, the HITECH Act requirements, and the Omnibus Final Rule of January 2013.  As for the Privacy Rule, its provisions are found in the Code of Federal Regulations, Title 45 (Public Welfare), Part 164, Subpart E, "Privacy of Individually Identifiable Health Information," which comprises the following sections, 164.500 through 164.534:

• 164.500: Applicability
• 164.501: Definitions
• 164.502: Uses and Disclosures of Protected Health Information: General Rules
• 164.504: Uses and Disclosures: Organizational Requirements
• 164.506: Uses and Disclosures to Carry out Treatment, Payment, or Health Care Operations
• 164.508: Uses and Disclosures for Which an Authorization is Required
• 164.510: Uses and Disclosures Requiring an Opportunity for the Individual to agree or to Object
• 164.512: Uses and Disclosures for Which an Authorization or Opportunity to Agree or Object is Not Required
• 164.514: Other Requirements Relating to Uses & Disclosures of Protected Health Information
• 164.520: Notice of Privacy Practices for Protected Health Information
• 164.522: Rights to Request Privacy Protection for Protected Health Information
• 164.524: Access of Individuals to Protected Health Information
• 164.526: Amendment of Protected Health Information
• 164.528: Accounting of Disclosure of Protected Health Information
• 164.530: Administrative Requirements
• 164.532: Transition Provisions
• 164.534: Compliance Dates for Initial Implementation of the Privacy Standards

As for the Security Standards for the Protection of Electronic Protected Health Information (the Security Rule), the requirements can be found in the Code of Federal Regulations, Title 45 (Public Welfare), Part 164, Subpart C, sections 164.302 to 164.318.  Specifically, these sections are the following:

• 164.302: Applicability
• 164.304: Definitions
• 164.306: Security Standards: General Rules
• 164.308: Administrative Safeguards
• 164.310: Physical Safeguards
• 164.312: Technical Safeguards
• 164.314: Organizational Requirements
• 164.316: Policies and Procedures and Documentation Requirements
• 164.318: Compliance Dates for Initial Implementation of Security Standards

One of the most challenging tasks of HIPAA and HITECH compliance is gaining a sound understanding and interpretation of the legislation itself, along with implementing policies and procedures to ensure compliance.  Additionally, both "covered entities" and "business associates" often find themselves needing highly customized policy and procedure documentation for HIPAA and HITECH compliance, but lack the internal resources to develop this type of material.  Furthermore, assistance is often needed in actually implementing the required controls and supporting procedures.  Add the Omnibus Final Rule of January 2013 to the mix, which made business associates directly liable for compliance with the Security Rule, and the need for top-quality HIPAA assistance becomes even greater.

NDB - Your HIPAA and HITECH Compliance Auditors and Consulting Experts -  Fixed Fee Pricing

NDB has spent years working with organizations in the healthcare industry and can provide you with the following services relating to HIPAA and HITECH:

• Readiness Assessments and Gap Analysis services: An important component of HIPAA and HITECH compliance is knowing what "compliance" actually means.  Specifically, what systems and supporting resources are to be included in the scope, what personnel are involved, along with identifying and understanding many other critical areas.

• Policy and Procedure development: Regardless if you are identified as a "covered entity" or a "business associate," HIPAA and HITECH compliance is highly dependent upon having documented policies and procedures in place specifically related to many of the Privacy & Security Rule requirements.

Additionally, NDB can assist in procuring the technology resources needed to support your HIPAA and HITECH compliance requirements.  NDB's experienced HIPAA and HITECH auditors and consultants for the HIPAA Privacy & Security Rules can help your organization get compliant today.  Contact Charles Denyer at 1-800-277-5415, ext. 705, or reach him directly by email, to discuss your HIPAA and HITECH needs and speak with a well-trained, industry-veteran healthcare auditor.

GLBA

NDB provides GLBA compliance auditing and consulting services for ensuring your organization is compliant with The Gramm–Leach–Bliley Act (GLBA).  As for the Gramm–Leach–Bliley Act (GLBA), it contains three (3) important elements regarding the privacy of information, of which businesses, primarily "financial institutions," need to be aware:

• Financial Privacy Rule
• Safeguards Rule
• Pretexting Protection

The Financial Privacy Rule of the Gramm-Leach-Bliley Act requires "financial institutions" to provide each consumer with a privacy notice at the time the customer relationship is established and annually thereafter; the notice must explain what information is collected about the consumer and how that information is shared, used, and protected.  Consumers must also be given the right to opt out of having their nonpublic personal information shared with nonaffiliated third parties (subject to the exceptions in the Act), and the notice must describe any opt-out rights available under the Fair Credit Reporting Act with respect to sharing among affiliates.  Additionally, if the privacy policy changes at any point in time, the consumer is to be notified and given a fresh opportunity to opt out.

Important provisions of The Gramm-Leach-Bliley Act (GLBA)

Simply stated, the financial privacy rule within The Gramm-Leach-Bliley Act effectively establishes a privacy agreement between the "financial institutions" and the consumer.  As for the actual definition of a "financial institution," they are businesses that are deemed to be "significantly engaged" in "financial activities" for which they offer financial products and/ or services to individuals, ranging from loans to financial and investment advice to many other related financial products and/or services.

The Federal Trade Commission (FTC) defines "financial activities" as the following:

Lending, exchanging, transferring, investing for others, or safeguarding money or securities; insuring, guaranteeing, or indemnifying against loss, harm, damage, illness, disability, or death; providing financial investment or economic advisory services; underwriting or dealing with securities, and engaging in any activity that the Federal Reserve Board has determined to be closely related to banking.

Source: http://www.ftc.gov/privacy/glbact/glboutline.pdf

• As for a "consumer," this is an individual who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes, or that individual's legal representative.

• And as for the definition of a "customer," this is an actual "customer" who has a "customer relationship" with a financial institution.  Please note that a "customer relationship" is a continuing relationship with a consumer.

GLBA Safeguards Rule - An "Information Security Plan" is a Must-Have

Regarding the Safeguards Rule, this requires financial institutions to develop a written information security plan that describes in detail the policies, procedures, and processes in place for protecting clients' nonpublic personal information (NPI, the GLBA term for what is more generally called Personally Identifiable Information or "PII").  The plan must include provisions for: (1) assigning at least one employee to coordinate the safeguards; (2) undertaking a comprehensive risk assessment of each department's handling of clients' NPI; (3) designing, implementing, monitoring, and regularly testing a program to actually secure the information; (4) overseeing service providers, by selecting providers capable of maintaining appropriate safeguards and requiring them by contract to do so; and (5) evaluating and adjusting the policies, processes, and procedures as needed in light of the results of testing and of changes in how information is collected, stored, and used.

In reality, this rule is doing nothing more than restating and reaffirming what businesses should be doing anyway: protecting ALL types of data, both internal corporate information and related assets, and nonpublic PII client data.

GLBA Pretexting Protection

Finally, the Pretexting Protection requires that safeguards be in place for protecting against "pretexting" (i.e., social engineering), which is any type of deliberate attempt to gain access to private information that a person is not authorized to access.

The GLBA measures are far-reaching indeed, as the Act requires financial institutions and all other related entities to have in place adequate safeguards regarding the Financial Privacy Rule, the Safeguards Rule, and Pretexting Protection.

NDB - Your Gramm-Leach-Bliley (GLBA) Compliance Auditors and Consultants - Fixed-Fee Pricing

NDB has years of experience in working with the Gramm-Leach-Bliley Act and provides the following services:

• Readiness Assessments and Gap Analysis services: An important component of GLBA compliance is knowing what "compliance" actually means; specifically, what systems and supporting resources are to be included in the scope, what personnel are involved, along with identifying and understanding many other critical areas.  NDB’s GLBA Readiness Assessments and Gap Analysis Findings will list and detail all relevant material regarding your organization's "preparedness" with the actual GLBA requirements, and what specific measures you'll need to undertake for actually meeting and maintaining GLBA compliance.

• Policy and Procedure development: If you have been identified as a "financial institution" or a related party for purposes of GLBA compliance, then you will need a trusted source to help develop a comprehensive set of policy and procedure documents and materials that actually comply with the GLBA requirement for a "written Information Security plan."

• Implementation of GLBA practices: While GLBA Readiness Assessments and Gap Analysis findings help unearth areas requiring remediation, you will still need a strategy for implementing many of the operational requirements for ensuring GLBA compliance.  NDB can assist in developing a highly structured roadmap for implementing all necessary procedures and related activities in accordance with GLBA.

Call Charles Denyer at NDB today at 1-800-277-5415, ext. 705, to discuss your GLBA compliance needs with an experienced NDB auditor and consultant.  NDB's GLBA compliance auditing & consulting services for the Financial Privacy & Safeguards Rule and Pretexting Protection are well-known throughout the financial services industry.


Unclaimed Property

When property is not in the hands of its rightful owner but has not been abandoned, it may be considered Unclaimed Property.  The most common types of Unclaimed Property to which the relevant laws apply are financial assets, not real or tangible personal property.

These assets may typically include: funds related to lost paychecks, funds remaining in forgotten bank accounts, credit amounts from trade accounts, life insurance premium payouts, insurance premium refunds, securities from forgotten brokerage accounts, unclaimed or non-negotiated rebate checks, overpayments related to extinguished debts, etc. Generally, the determination that property is Unclaimed Property falls to the party in possession of the property, which may then be required to remit the property to the relevant state or other authority. In theory, the State becomes the custodian of the property, subject to the claim of the rightful owner. If, after a defined period of time, the rightful owner does not claim the property, it may then escheat to the State.

Jurisdictions of Authority

The fifty states and various local and district authorities create the legislation governing the treatment of Unclaimed Property.  Generally, Unclaimed Property laws in the United States provide for two reporting periods each year, whereby unclaimed bank accounts, stocks, insurance proceeds, utility deposits, un-cashed checks, and other forms of "personal property" are reported first to the individual state's Unclaimed Property Office, then published in a local newspaper, and then finally turned over to the State for safekeeping until the rightful owner makes a claim.

Finding Unclaimed Property
The states sponsor a free public site that reports only a portion of the unclaimed property available in the United States.  There are commercial sites as well that provide the same information or portions of the information for a fee.  Some consumer reporting sites conduct the research and assist consumers without charge or expense to the consumers.

Exposure Points for Businesses Regarding Unclaimed Property
The states are looking for various sources of revenue or funds that may be used to fill empty Treasuries.  Many states are expanding their Unclaimed Property laws to encompass more Unclaimed Property.  The exposure point for businesses is that the State Treasurer’s Office or Comptroller’s Office may request an appointment to come and conduct an audit of a Company’s assets in order to discover these assets.  These types of audits are often too liberal in their definition of Unclaimed Property and may require the escheatment of funds that normally would not need consideration.

NDB | Your Unclaimed Property Auditors and Audit Experts
We can facilitate your company’s self-assessment, discovery, documentation, and proper reporting of the results to the relevant authorities.  There needs to be a clear plan before these activities are undertaken; we can facilitate this through the development of a customized audit program and the proper scoping and matching of the relevant business activities to the presence and discovery of Unclaimed Property.  Also, given the proper circumstances, we can facilitate the notice to the rightful owners such that reporting to authorities may be avoided.

Uniformity Developments
The National Conference of Commissioners on Uniform State Laws sought to address the problems arising from these types of property through the provisions of the Uniform Unclaimed Property Act.  The Act was first drafted and promulgated in 1981, then revised in 1995.  The Act specifically focuses on the problem of unclaimed money in bank accounts and corporate coffers, and the escheatment thereof.

As a result of the Act, each state operates an Unclaimed Property fund into which the proceeds from abandoned bank accounts, unpresented checks, etc., are to be turned over to the state after a specified period of time.  Depending on state law, the money may be held in perpetuity (i.e., the funds never escheat to the state; Texas is one example), or, after a long period of time (whereby it is presumed that the owner is deceased with no heirs), the funds will escheat to the state.  Due to the increasing mobility of the population, the vast majority of states have joined together to operate MissingMoney.com, a searchable database which lists unclaimed funds for several states.  Commercial websites, such as UnclaimedMoneyDB.com, also exist to cover states not included.  A searchable database for unclaimed money and property is available in Canada from the Bank of Canada as well as LostCash.ca.

Contact Christopher Nickell, CPA, at 1-800-277-5415, ext. 706 to learn more about NDB's unclaimed property audits and our services.


MERS

MERS, which stands for Mortgage Electronic Registration Systems, was developed by a number of notable entities within the mortgage banking industry (Government Sponsored Enterprises [GSEs], along with notable originators and loan servicers) to help create a more transparent and efficient mortgage process by relying heavily on technology and many of today's emerging automated tasks.  Specifically, the MERS® system tracks critical mortgage loan information via a unique 18-digit Mortgage Identification Number, known as a MIN, that is registered on the MERS system itself.

NDB, a nationally recognized boutique CPA firm, provides MERS consulting, compliance, and audit services.

MERS Registry and Notable Entities that Must Be Compliant
MERS is a privately held entity that runs the registry responsible for tracking critical aspects of a mortgage, such as who owns and services it.  MERS is owned by the holding company MERSCORP, Inc.  Currently, the MERS system is the only true nationwide database that provides free information on the tracking and servicing of mortgages, along with other essential information.  And because the adoption of MERS has been and continues to be widespread within the mortgage banking industry, the following entities must ensure that a number of policies, procedures, and processes are in place with regard to the MERS guidelines:

• Mortgage originators
• Servicers
• Warehouse lenders
• Wholesale lenders
• Retail lenders
• Document custodians
• Settlement agents
• Title companies
• Insurers
• Investors
• County recorders

Thus, according to MERS, "...it acts as a mortgagee in the county land records for the lender and servicer.  Therefore, any loan, for where MERS is the mortgagee and registered on the MERS® System, is inoculated against future assignments because MERS remains the mortgagee no matter how many times servicing is traded."

Source: http://www.mersinc.org/.

If your organization is seeking consulting or auditing services relating to MERS compliance, then talk to the experts at NDB, a nationally recognized PCAOB CPA firm specializing in regulatory compliance, with specialty services for the real estate finance | mortgage industry.  Along with providing services such as Regulation AB, USAP, and others, NDB also specializes in MERS compliance.  Our MERS audits and auditor services have been built upon years of experience in one of the most regulated industries in the country.

It is also interesting to note that there's been a fair amount of criticism placed on MERS; however, much of that is attributed to misconceptions about the role and responsibilities of the MERS system that is responsible for tracking critical aspects of a mortgage.

To learn more about NDB's MERS consulting, compliance, audit, and auditor services, contact our mortgage industry specialist, Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706.

Other notable features worth mentioning about MERS include the following:

• Developed using open, non-proprietary standards and technology.
• Incorporated into virtually every aspect of the mortgage industry’s loan origination, servicing, and loan delivery software.
• Most of the notable organizations within the residential mortgage finance industry are active members of MERS, and thus electronically connected to the MERS system itself.
• Since 1997, over 60 million home loans have been assigned a MIN and registered on the MERS registry.
• A large percentage of all newly originated mortgage loans, including those from notable GSEs and other affiliated entities, have a MIN.

NDB.  Your MERS consulting, compliance, and audit specialists.  NDB also provides compliance services for USAP and Regulation AB, Item 1122.


ACH

NDB provides ACH audit and auditor services for entities (i.e., Depository Financial Institutions - DFIs, Third-Party Service Providers - TPSPs, and other relevant organizations) requiring compliance with Appendix Eight (8), "Rule Compliance Audit Requirements," as published in the NACHA Operating Rules & Guidelines.  Specifically, entities must undergo an ACH audit on an annual basis in accordance with Appendix Eight (8), which ultimately means that "participating DFIs" must comply with all provisions of the rules as stated. Trust NDB for your competent and capable ACH audits and auditor services.

As for NACHA's Appendix Eight Rule Compliance Audit Requirements, it consists of the following "Parts":

Part 8.1 - General Audit Requirements

Part 8.1 states that each participating DFI, Third-Party Service Provider (TPSP), and other relevant entities must conduct an actual ACH audit in accordance with the stated rules of Appendix Eight (8).  Furthermore, Part 8.1 denotes the following:

  • A specific audit methodology is not prescribed; rather, the key provisions that should be examined for compliance are identified.
  • An annual audit must be conducted no later than December 31.
  • The audit must be performed under the direction of the audit committee, audit manager, senior level officer, or independent external examiner, as stated within Appendix Eight (8).
  • Documentation validating completion of the audit must be retained for a period of six (6) years from the date of the audit.  Failure to do so is a serious rule violation.

Part 8.2 requires verification of the following:

  • A record of each entry is retained for six (6) years.
  • Records in electronic form accurately reflect the information on the original record.
  • Participating DFIs conducted an audit of compliance in accordance with Appendix Eight (8).
  • Encryption or a secure protocol is used for banking information.
  • Participating DFIs have reported and paid all annual fees and a per-entry fee to the National Association.
  • Participating DFIs have conducted an assessment of ACH risks and have implemented a risk assessment program.

Part 8.3 requires verification of the following:

  • Account numbers contained in a Pre-notification entry are valid.
  • Notifications of changes are transmitted within two (2) banking days.
  • All types of entries are received and accepted, where applicable.
  • The amount of each credit entry received from an ACH operator is made available no later than settlement date.
  • RDFI provides or makes available required information concerning credit and debit entries.
  • RDFI transmits return entries to its ACH operator as required.
  • Return entries are transmitted to RDFI's ACH operator by midnight, etc.
  • RDFI returns any credit entry that is refused.
  • RDFI honors stop payment orders.
  • Written statements are obtained from consumers as required.
  • RDFI provides proper notice as required.
  • RDFI, when requested by the non-consumer receiver, provides all necessary information as required.

Part 8.4 requires verification of the following:

  • ODFI has entered into origination agreements with all originators or third party senders.
  • ODFI has entered into agreements with all sending points that transmit entries as required.
  • ODFI has assessed the risks as required and has implemented an exposure limit.
  • ODFI accepts return entries and extended return entries in compliance with the applicable rules.
  • Information relating to NOCs and corrected NOCs is provided to parties as required.
  • ODFI provides to the RDFI, upon written request, relevant records as required.
  • Late return entries are accepted.
  • ODFI has provided the originator with proper notice to ensure compliance with UCC Article 4A.
  • ODFI has utilized a commercially reasonable record for establishing identities.
  • Reversing entries and reversing files are initiated in accordance with the requirements.
  • ODFI has established and implemented procedures relating to identification.
  • ODFI has reported return rate information as required.
  • ODFI has complied with three (3) critical points regarding registration, approval, and reporting.
  • ODFI has kept applicable parties informed of their responsibilities under these rules.

ACH Audits and Consulting Expertise | That's the NDB Difference.
NDB.  Your competent and capable ACH audits and auditor services for Appendix Eight (8), "Rule Compliance Audit Requirements," as published in the NACHA Operating Rules & Guidelines.  Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706.


Internal Audit

NDB provides expert outsourced internal audit services for today's growing, fast-paced, and dynamically changing businesses.  We know internal auditing inside and out, and can assist your organization with all of its outsourced internal audit needs.

Internal Auditing | A Growing Part of Regulatory Compliance
Outsourced internal audit firms and their respective services have grown tremendously in the past decade, especially since the passage of the 2002 Sarbanes-Oxley Act, which placed great emphasis on internal controls within an organization.  Fast-forward to today, and businesses are facing even more stringent requirements for internal audits, due in large part to continued growth in legislation, coupled with an increased emphasis on risk assessment, which now includes components related to Information Technology.  And let's not forget that “listed companies must maintain an internal audit function to provide management and the audit committee with ongoing assessments of the company’s risk management processes and system of internal control” - New York Stock Exchange listing standards (as approved by the Securities and Exchange Commission).

Additionally, auditing standards such as the American Institute of Certified Public Accountants' (AICPA) SSAE 16 standard allow auditors to assess an organization's "internal audit function" for purposes of reliance and reporting on SSAE 16 Type 1 and Type 2 reports.

But, what really is internal auditing and how can outsourced internal audit firms and their respective services - such as NDB - help organizations?

First and foremost, internal auditing is an independent, objective process whereby a defined set of practices is used to improve an organization's effectiveness in many areas. Additionally, internal auditing is often the process of measuring compliance with an organization's stated policies and procedures.  Moreover, comprehensive documentation and formalized reporting are vital elements of internal auditing.  Because the field of internal auditing is broad and varied, its practice can be undertaken in almost any entity, industry, or sector.

NDB | Outsourced Internal Audit Firm Experts | Auditors with Years of Experience
With that said, NDB has worked with numerous organizations in assisting with all of their internal audit needs.  In fact, many of our highly-skilled auditors were "deep in the trenches" many years ago when Sarbanes-Oxley was passed - a significant milestone for many involved with internal auditing.  Over the years, NDB has provided outsourced internal audit services for organizations in every conceivable industry and sector, and we've worked very closely with a number of notable organizations in developing highly specialized internal audit and compliance reporting mechanisms for purposes of regulatory compliance and best-of-breed practices.

NDB Outsourced Internal Auditor Services
When looking for outsourced internal audit firms, internal auditors and their respective services, consider NDB, as our expertise and "know-how" can provide businesses with the following services:

• Assistance in properly planning, scoping, and ultimately developing a comprehensive, yet scalable and efficient outsourced internal audit process.
• Highly skilled staff capable of conducting internal audit procedures in accordance with industry-leading benchmarks, frameworks, and standards, such as those put forth by the Institute of Internal Auditors, the American Institute of Certified Public Accountants (AICPA), and other notable organizations.
• Implementing risk-based internal auditing and other, as-needed measures for ensuring the overall outsourced internal audit function is competent, objective, and results-driven.
• Delivering formalized documentation from all relevant findings from the internal audit process itself, coupled with active communication with all appropriate parties as determined.
• Providing recommendations and suggestions for improving upon an organization's internal controls, along with all other supporting operational, technical, and financial processes and procedures.
• The ability to plan and perform highly specialized, outsourced internal audit services quickly and efficiently.

Additionally, our staff consists of Certified Public Accountants (CPA), along with members carrying numerous I.T. and auditing certifications and designations, such as CISA and CRISC, just to name a select few.  Contact Chris Nickell at 1-800-277-5415, ext. 706 to learn more about NDB's outsourced internal audit services.


Real Estate Consulting

NDB's real estate, lease management & consulting services include the following:

• Potential Tenant Credit Analysis
• Property Performance Modeling (from acquisition to reversion)
• Portfolio Management
• Drafting Lease Provisions
• Lease Administration
• Lease Abstraction
• Continuing Lease and Invoice Payment Review
• Payment Functions
• Lease Audits

Potential Tenant Credit Analysis
Before letting a tenant take possession of the property for an extended lease term, due diligence should be performed on the likelihood that the contemplated tenant has credible business operations such that the terms of the lease can be complied with financially.  We consider balance sheet and income statement trends and ratios, along with other facts & circumstances to assist the landlord with making proper tenant acceptance judgments.

Property Performance Modeling
By using various modeling tools, along with the relevant data for the marketplace applicable to the location and property type, and professional judgment, we can assist in modeling various real estate performance criteria for portfolio projection on an after-tax basis.  The analysis can model various outcomes on a best-case to worst-case scenario, along with impacts on the client's financial position and the greater portfolio performance.

Portfolio Management
Portfolio Management services can vary based on the needs of our clients from buy-sell decision assistance to the actual management of service providers, tenant management, asset management, and other general services.

Lease Administration
For landlords that are not present and need some supervision of the management company, the tenant, or the service providers, the Lease Administration services can involve oversight of tasks or functions, including other professionals, and managing critical dates, rents, real estate taxes, property insurance, common area charges, and tenant improvement allowance reconciliation and recovery.

Lease Abstraction
For keeping complex documents in a usable format, a lease abstract is a summary of the key financial, business, and legal information that exists in a commercial real estate lease. It brings any unusual lease provisions, financial obligations, or other important issues to the forefront for reporting and consideration by the lease administration.  Each abstract will vary in length and detail depending on the particular needs of the client.  An abstract is like an outline of the lease, providing a summary of selected lease information and directing the reader where to obtain further information.  More specifically, a lease abstract provides a lease summary, together with referenced section headings, so that all critical lease information is readily accessible.

Lease abstracting becomes particularly important prior to an acquisition, merger, or assignment and allows for effective decision-making.  Abstracts also permit a lease administrator, leasing agent, or property manager to easily review all relevant lease information without taking the time to search and read through each page of the lease.  By aggregating the lease information, abstracts allow users to better manage a portfolio of leases.  Lease abstracting serves to organize your lease data, which is a crucial benefit when leases contain many amendments, when landlords or tenants hold sizeable lease assets, or when dealing with a variety of lease formats.  The lease information that should be abstracted depends on the individual needs of the client and is contingent on several factors, including the reasons for abstracting and the length and complexity of the lease documents.

Lease Auditing
A Lease Audit can uncover problems and help clients save money in:

• Operating Expenses
• Utilities Costs
• Real Estate Taxes
• Additional Services

The Corporate Real Estate Services Lease audit typically consists of a three-phase process:
1. Pre-Qualification Analysis: We conduct an analysis of all lease and occupancy charges to pre-qualify the client's specific situation.  We also will perform an expense trend analysis and market comparison during this phase to evaluate the potential for overcharge.
2. Detailed Audit: We will conduct an in-depth and thorough audit of landlord records to pinpoint errors that affect you.  This phase includes a review of the general ledger and other accounting records, paid invoices, service contracts, and the calculations and adjustments used to arrive at the amounts billed.
3. Resolution: We will also handle the process of negotiating a settlement, which includes recovering overpayments and achieving a mutual agreement for future billing practices.

Contact Christopher Nickell, CPA, at 1-800-277-5415, ext. 706 to learn more about NDB's Real Estate services.


Tax Consulting

NDB offers comprehensive tax consulting services for helping businesses succeed in today’s complex and ever-changing global landscape.  From high net worth tax consulting and preparation, to international tax laws and regulations, trust the tax experts at NDB.  NDB’s tax services include the following:

  • Federal Income Tax
  • Property Tax
  • Sales and Use Tax
  • International Tax
  • And many other specialty areas

Call Christopher Nickell, CPA at 1-800-277-5415, ext. 706 to learn more.


Regulation AB

Regulation AB is a comprehensive set of new rules and amendments that address the registration, disclosure, and reporting requirements for asset-backed securities (ABS) under the Securities Act of 1933 and the Securities Exchange Act of 1934.  Because the ABS market is a relatively new and fast-growing component of the U.S. capital markets, regulators and industry professionals alike sought to bring about transparency and clarity regarding registration, disclosure, and reporting requirements for asset-backed securities.

Regulation AB Overview
The main body of Regulation AB consists of twenty-four rules, commonly known as “items”, numbered 1100 through 1123.  These twenty-four items comprehensively address the four primary regulatory areas affecting asset-backed securities: Securities Act registration, disclosure, communications during the offering process, and ongoing reporting under the Exchange Act.  In rolling out Regulation AB, the SEC sought to update and create a higher degree of clarity regarding Securities Act registration requirements for asset-backed securities, along with expanding the various types of securities that may be offered.  Additionally, a consolidation of existing conditions regarding Exchange Act reporting and a streamlining of existing positions on written communication in a registered ABS offering were also sought.  Lastly, the disjointed, no-action-letter-based servicing standards, such as USAP, were to be augmented, and ultimately replaced, by a more comprehensive, stringent, and thorough servicing standard.

NDB | Your Regulation AB Auditor and Compliance Experts
NDB provides a wide range of services to help clients meet the demands of Regulation AB compliance.  Though in its infancy, Regulation AB will quickly require considerable time and resources from servicers for ensuring all aspects of Item 1122 and Item 1123 have been complied with.  Our goal is to provide an efficient, cost-effective approach for Regulation AB compliance.

Our services for Regulation AB are comprised of the following areas:

• Regulation AB Item 1122 Readiness Assessment
• Regulation AB Item 1122 Compliance with Applicable Servicing Criteria
• Regulation AB Item 1123 Servicer Statements
• Regulation AB Consulting and Support Services

NDB also provides compliance services for MERS and USAP.

For more information on our Regulation AB services, please visit our Regulation AB site at www.regulationab.com or contact Christopher Nickell, CPA, at 1-800-277-5415, ext. 706.


USAP

The Uniform Single Attestation Program, known simply as USAP to many, originally began its life as The Uniform Single Audit Program for Mortgage Bankers; however, the program, and the publication itself, has been revised throughout the years.  Of note was the joint effort by the American Institute of Certified Public Accountants (AICPA) and the Mortgage Bankers Association of America (MBA) to include professional standards provisions in USAP reporting.  As of today, many entities involved in the mortgage industry, particularly issuers and/or servicers of publicly registered securities, must comply not only with the USAP provisions but also with those of Regulation AB, Item 1122. Because many of these organizations are still contractually obligated to perform USAP audits, even with the rise of Regulation AB Item 1122, NDB has recognized this unique need and provides fixed-fee audit engagements for USAP.

Learn more about USAP by visiting the Mortgage Bankers Association of America, and learn more about Regulation AB by visiting the official REG AB Resource Guide, developed exclusively by NDB.

NDB, a nationally recognized PCAOB CPA firm, specializes in USAP and Regulation AB Item 1122 reporting, as our highly talented team of professionals has years of experience in the real estate finance industry.  Not only does NDB specialize in USAP and Regulation AB reporting, but the firm also offers audit services for MERS compliance, appraisal management, property management, and various other areas.  Real estate finance is a large and complex industry, no question about it, which is why businesses need professional, competent, and capable personnel, such as those at NDB.

Interested in learning more about NDB's USAP audit services and Regulation AB Item 1122 reporting?  Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706.

Note: According to the Mortgage Bankers Association of America, they "...have suspended all plans to update the current, 1995 version of the USAP until further notice,” which is largely based on the emergence of Regulation AB, Item 1122.

NDB.  Your USAP Audit and Regulation AB Item 1122 experts.


Cyber Security

Today’s ever-growing cyber security threats are placing enormous challenges on businesses, ultimately requiring them to undertake ongoing regulatory compliance audits, along with implementing numerous protection measures.  We live in a world where information security has rapidly, and forever, changed our lives, yet with great benefits also come great responsibilities.  Hackers and other malicious individuals are attacking systems each and every day, trying to disrupt and destroy critical network infrastructures, and they often succeed.  What’s worse, many times they actually penetrate databases, web servers, and other critical systems, stealing highly sensitive and confidential information from businesses.  It’s time to fight back and put in place measures to help ensure the confidentiality, integrity, and availability (CIA) of your critical system resources.

Proven and Trusted Cyber Security Solutions from the Experts at NDB
NDB offers a wide variety of services for helping businesses around the globe protect their vital assets, from regulatory compliance audits to penetration tests, information security policy and procedure writing, security awareness training, and much more.  Contact Charles Denyer today at 1-800-277-5415, ext. 705 to learn more about NDB’s cyber security initiatives for your business.

From I.T. consultants to seasoned regulatory compliance auditors, our firm's expertise is diverse, cross-functional, and highly experienced across all our service lines.