February Topic: Enterprise Risk Management

In this month’s webinar, we will present some of the background and history behind Enterprise Risk Management. Attendees will learn why ERM is important and how you can improve your institution by implementing some basics. We will also review the ERM Module in Scout and examine how you should use it and how it may evolve in the future.

To sign up for a session, click on the links below:

Wednesday, February @ 2:00-3:00pm (CST)

Thursday, January 19 @ 11:00am-12:00pm (CST)

If you want to catch up on a previous webinar session, you can watch them on our site now:

December 2011 Webinar: FFIEC Authentication Guidance

January 2012 Webinar: Mobile Banking

Catch up on our previously recorded webinars:

January 2012 Webinar: Mobile Banking Risks.

Supernal reviews the FDIC Winter 2011 Supervisory Insights article titled Mobile Banking: Rewards and Risks. Like the article, we’ll focus more on the risks and how mobile banking should be incorporated into your risk assessment. Even if you don’t supply your users with a downloadable mobile banking application, these risks still apply to your institution.

To view January 2012′s webinar “Mobile Banking Risks,” click on the video below.

Don’t worry – you can watch it now.

At Supernal, we realize people have busy schedules. Sometimes you can’t attend a live webinar session, or maybe you just want to freshen up on the latest risks and trends in risk management. That’s why we’re making our past webinars available to view in their entirety on our website.

To view December 2011′s webinar “FFIEC Authentication Guidance,” click on the video below.

The conference takes place in Salt Lake City, Utah, February 14 & 15.

In a time of tremendous change and challenge within the banking industry the 1st Annual UBA CEO/Senior Management Mid-Year conference provides an opportunity for bank leaders to come together and share insights, reinforce relationships, explore challenges, receive direction and formulate strategies. A dynamic program has been designed to meet the needs of bank executives on a wide range of topics. - UBA

For more information, visit www.uba.org.

January Topic: The Risks & Rewards of Mobile Banking

In this month’s webinar, we’ll review the FDIC Winter 2011 Supervisory Insights article titled Mobile Banking: Rewards and Risks. Like the article, we’ll focus more on the risks and how mobile banking should be incorporated into your risk assessment. Even if you don’t supply your users with a downloadable mobile banking application, these risks still apply to your institution.

To sign up for a session, click on the links below:

Wednesday, January 18 @ 2:00-2:30pm (CST)

Thursday, January 19 @ 11:00-11:30am (CST)

Anyone who works in finance is quick to catch his point.  They know that his personal information is worth far more than $100.  It’s worth more to a crook, and it’s worth more to Tom who’d have to spend at least 10 times that clearing up a case of identity theft.

But what we understand in a training session doesn’t always translate into daily action.  We get hired for enterprise risk management to walk through financial institutions doing risk assessments and social engineering tests.  We know we’re never going to see even a $20 bill lying out.  That’d be heresy in a bank.   But walk by an open cube, and we might find 20 home loan applications ripe for the plucking.

Here are a few daily reminders we’re good at protecting cash: 18-inch-thick steel reinforced concrete vaults, timed vault doors, elaborate alarm systems, cash counted and verified daily, teller drawers locked and stored in the vault overnight, robbery training.

Now ask, how are we reminded about information security?  Remember those loan files sitting out all day and night?

If your bank or credit union is held up at gunpoint and cash is stolen, you only have to tell your regulator and the FBI.  Sure, it’ll make the news, but anyone who hears about it feels bad for the staff and the bank.  The public assumes you did nothing wrong and that you were a victim. (The banks have locks, vaults and alarms after all…) 

However, if your information network is breached, you not only have to tell regulators and authorities, you may have to notify customers.  You’ll get a ton of press and your customers and the public won’t see you as a victim but rather as a business that didn’t do its job.  (Don’t they have a firewall and passwords?)

Now think about the impact on your customers.  When cash is stolen, your customers are fine.  They aren’t out anything.  But when their identity is stolen, they have to work hard to get it back and they never really know if they’re made whole.  (Am I finally through calling everyone and switching things?  Did I get everything? I’m so mad at that bank! )

Like cash security, information security is everyone’s responsibility.  And it’s a cultural shift that needs a champion in your organization.

The truth is, it’s harder to manage information than it is to manage money.  There’s no way to be 100 percent protected when it comes to enterprise risk management, but if you organize yourself, train, and use some better tools, you can limit your risks.  Make yourself better armed than you competitors and you won’t be the “low-hanging fruit.”

–
Pete Griffith is CEO of Supernal, makers of the Scout™ risk management dashboard.  Find him online at www.supernal.com and on Twitter @SeeScoutRun. 

Simplify risk management and regulatory compliance requirements with the most effective ERM dashboard.

Identify the real risks facing your bank or credit union and establish how to manage them more effectively.  With Scout software, every step of the risk management process – from accurately inventorying assets, risks and controls to building a comprehensive risk management plan – is tracked in one place, so risk, compliance and IT staff can work on assigned risk reduction tasks, be tracked for progress and prepare your institution for your examination.

With real-time reporting, and process tracking software, you can make better decisions and reduce time and costs.  Scout customers get automation and reporting for the following areas:

Request a software demo to see how Scout’s time saving dashboard format, artificial intelligence, reporting, task assignment capabilities and project management will reduce your risk, improve your decision making and save you money.

Register now for a webinar training session and learn how to use the new ACH Module from Scout.

Two webinars will be held Thursday at 2:00pm CST (11/17) and Friday at 10:00am CST (11/18).

To register for the Thursday webinar, visit this link: https://www2.gotomeeting.com/register/497987178

To register for the Friday webinar, visit this link: https://www2.gotomeeting.com/register/305093354

Join us on either of these dates above for an informative, 30 minute training session. Tom Ezdon of Supernal will show you how the new ACH module works, including tips and tricks based on experience in front of examiners dealing with regulations on:  ACH Network; ATM Network; Bankcard Network and Check Based assessments. Do not miss this opportunity to get a jump start on limiting risk and meeting this compliance standard.

The module works just like the other risk assessment modules so there is no need to learn a new risk assessment process. The product, risk and controls lists are already populated and associated.  All you need to do is customize the lists, scores and verify the associations fit your organization.

]]> http://www.supernal.com/blog/ach-training-webinar-1117-and-1118/feed/ 0 http://www.supernal.com/news/why-commercial-account-theft-is-your-problem/ http://www.supernal.com/news/why-commercial-account-theft-is-your-problem/#comments Thu, 20 Oct 2011 20:18:57 +0000 supernal http://www.supernal.com/?p=545
-- Read more]]> Two out of five businesses switch banks due to fraud.  That’s a sobering takeaway from Guardian Analytics 2011 Business Banking Trust study.

For the most part, financial institutions provide online protections to businesses that are similar to what they provide for consumers.  However, it may only be a layered security approach when it should be an enhanced layered security approach, according the FFIEC’s latest authentication guidance.

With their large account balances and frequent transactions, commercial accounts are an attractive target for criminals. If fact, of roughly 500 small and medium-size businesses recently surveyed by Guardian Analytics, 32 percent said they had experienced online fraud in the last 12 months.

Financial institutions pay a real price for lax security, and commercial customer retention is no longer a given.   Fraud victims aren’t automatically giving their institution a second chance.  Yes, it’s an onerous process to move a business banking relationship.  But customers can and will switch to a competitor if they lose trust in their institution’s ability to protect their accounts.  Additionally, with the premium now on top-notch business accounts, your competition is assuredly doing everything to make this switch easier.

I’m not going too far out on a limb when I say financial institutions don’t just handle money anymore.  They handle information.   And that paradigm switch has made it infinitely easier to commit financial crimes.  Your customers’ financial information has been entered into a network countless times.  Do you have any idea where it resides and who is using and protecting it?

It’s time to step up and pay attention.  While 41 percent of the Guardian survey respondents said they didn’t believe their financial institution would cover losses if their company’s assets were stolen, a full 70 percent thought it should.

That’s the notion driving one lobbying organization, the Cyber Looting Awareness and Security Project.  (You’ll find them online at the ominous YourMoneyIsNotSafeInTheBank.org.) The group is urging lawmakers to require institutions to provide commercial customers the same sort of fraud reimbursement it provides to consumers accounts.

Meanwhile, businesses are failing to educate their employees on the dangers of cyber theft.   In one study, 81 Fortune 5000 companies were sent simulated phishing attempts.  Of the 79 businesses that successfully received the email, 43 percent had a least one employee who clicked the link, theoretically opening the network to keyloggers and paving the way for cyber thieves.

In fact, according to the Guardian Analytics study, only 12 percent of businesses are educating employees about not downloading dubious programs and just 10 percent are educating employees about not opening email attachments of unknown origin.  And only 25 percent say they have plans to enforce the use of strong passwords.

What does this mean for the financial community?  It means you have to watch your back.  It’s time to get serious about commercial account protection—that means everything from increasing your own risk assessment activity to offering training for customer employees.

The alternative is loss of reputation, loss of goodwill, and loss of revenue…whether the breach initiated inside your systems or not.

(Get the printer-friendly .pdf version of this article here: Why Commercial Account Theft is Your Problem.)

–
Pete Griffith is CEO of Supernal, makers of the Scout™ risk management dashboard.  Find him online at www.supernal.com and on Twitter @SeeScoutRun. 

(Read the full .pdf article: Continuous Risk Management)

Let’s look at the one of the key regulatory requirements of a risk assessment: Manage and Control Risks.  The concept is that as institutions manage risk, they should be able to reduce information breaches and fraud losses while generally increasing information security.

Information security is every employee’s responsibility, not just the person or persons preparing the risk assessment.  The more that staff is involved in the information security process, the better they will be at protection valuable information.  Better information security leads to less fraud losses, and costs associated with information breaches; all of which makes for a better bottom line.

Scout takes your annual process, performed by a few and turns it into a corporate wide risk management tool.  It follows the old saying, “what gets measured, gets done.” Staff gets a convenient, easy to use and time saving tool to track their information security efforts, you get a dashboard that monitors and reports your risk status, enterprise wide.