5SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr NCUA Report highlights the “Top 10” areas examiners reviewTo help you better prepare, the August edition of The NCUA Report highlights the “Top 10” areas examiners look at during an IT security exam:1. Information security policies: Do you have a board approved policy that meets the requirements of NCUA Rules and Regulations Part 748?2. IT audit: Have you developed an audit plan addressing IT-related areas appropriate to the size and complexity of the credit union, including ongoing assessments of internal and external vulnerabilities?3. Virus and malware: Is your network—and all critical components—running updated virus and malware protection soft ware?4. Risk assessments: Have you recently performed and documented an information security risk assessment to identify and assess potential threats and their probability, potential effects, controls, and risk remediation plans?5. Passwords: Do you enforce a strong password policy that meets or exceeds industry standards? continue reading »
Month: December 2020 Page 1 of 4
by: Nate WentzlaffThe amount of activities occurring at a credit union every day can be intimidating when building data-driven solutions. With complex business processes and tasks requiring manual intervention, credit unions are hesitant in utilizing analytics software to improve decision-making. In order to effectively leverage analytics insights, they must implement alerts tools. Alerts are a common feature in consumer technology. Notifications on social media websites, texting, emails and online news are just a few of the examples of alerts that are controlling our everyday actions. Utilizing analytics-enabled alerts in the business setting, executive management will be able to build an alerts strategy to delegate tasks throughout the credit union.Step 1) Business StrategyIt all begins with the business strategy. In order for an alerts solution to be effective, credit unions must have an analytics (data-driven) business strategy. The executive team must develop and solidify a clear analytics strategy and communicate it to the entire organization. Establishing certain KPIs (Key Performance Indicators) and establishing specific goals for each one will be the foundation for an effective alerts strategy.Step 2) Tactical Alerts PlanningOnce the executive team has established a high-level strategy and delegated responsibilities to middle management, managers must define specific metrics for their respective teams. It is also the managers’ responsibility to assign custom alerts to each employee according to their role. continue reading » ShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr
41SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr Applying for a mortgage is easier when you learn how to talk to lenders.by: Geoff WilliamsIn about a month or so, it won’t just be spring. It’ll be home selling and buying season, and you’ll start seeing the “For Sale” signs posted in yards as well as online advertisements beckoning prospective homebuyers.But before you allow yourself to be beckoned, it would behoove you to familiarize yourself with the following 10 terms – especially if this is your first time making one of the biggest purchases of your life.1. Fixed-rate mortgage. This means the interest rate you pay on your home loan won’t change. Over the years, your mortgage payment will likely change some – property taxes will likely rise, your homeowners insurance might climb or fall, or you might shed your PMI (a term we’ll come back to). But generally, if you have a fixed-rate mortgage, your monthly mortgage payment won’t change much over the years.2. Adjustable-rate mortgage. Also known as an ARM, this is essentially the opposite of a fixed-rate mortgage. You’ll have a fixed rate for several years, maybe five or 10, and then the interest rate adjusts according to the fully indexed interest rate, often the prime rate, which is what banks charge their most creditworthy customers. So while your interest rate and payments will likely be lower in the beginning than those of the homeowner with the fixed-rate mortgage, hope that interest rates remain low throughout the life of your loan. As interest rates climb, so too will your own interest rate and monthly payments. continue reading »
3SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr by: Shazia ManusThese days, credit unions face a number of competitors in payments and lending – from both in and outside the financial industry. There are a number of contenders to which community financial institutions (FIs) should pay particular attention in 2015:Lending Club — Lending Club uses the Internet to match investors with individual borrowers, most of whom are looking to refinance their credit card debt or other personal loans. Lending Club has facilitated more than $6 billion in loans and is the largest company performing this sort of service. Remaining competitive as a lender is more critical than ever for community FIs. Consider innovative ways to encourage consumers to seek loans in-house, and use your data to determine whether or not you can confidently assume a higher level of risk with greater credit lines. Community FIs are traditionally very conservative underwriters; are there opportunities to serve more consumers with less stringent policies? continue reading »
20SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr,Charles Fagan Charles E. “Chuck” Fagan, III is President and CEO of PSCU, a credit union service organization that leverages the cooperative model to better serve credit unions and their members through … Web: www.pscu.com Details One of my colleagues in the northeast purchases his snow blowers from a dealership. I asked him if he could get that piece of equipment cheaper from one of the super retailer stores. He said probably, but explained that the buying process and his service experience after the sale were more important to him than cost. When he buys from a dealership, a service technician delivers the machine and shows him how to operate it safely. When it requires maintenance, the dealer picks it up, makes the repairs and returns it. He said the dealer even sends him reminders when it’s due for service and provides free pickup and delivery. The super retailer won’t do that, he said. He mentioned the dealer even delivered a replacement machine – at no charge – on a Saturday, so he could finish clearing the snow after his blower was picked up for repair. The great service and attention he gets keeps him coming back.My friend understands and embraces the dealer’s value proposition:Benefits – Costs = ValueIt’s a simple formula and one that credit unions should certainly consider when choosing – or rather, investing in – the right payments partner to help them grow their business and serve their credit union and its members.There are many elements that define a future partner’s value proposition. That’s why the number of due diligence questions in today’s RFPs for payments processing range into the thousands. Ultimately, your credit union will base its decision on whether the benefits outweigh the costs associated with a prospective partner and lead to either a “go” or “no go” decision.Here are four tips to consider when assessing the value you should expect from a future payments partner:ServiceConsider the people and systems you would be working with on a day-to-day basis. If you want your new partnership to endure, make sure the organization places its top priority on the health and welfare of your credit union and its members. Assess through independent validation their responsiveness to all requests and concerns, and their performance on efficiently managing any issues that may arise. Find out their model for interacting with your credit union staff and their escalation process for resolving the tough issues, even the ones involving their partners. And, with service and technology becoming increasingly intertwined, find out how they are configured to resolve system outages that can disrupt service to your credit union and members.Risk ManagementLook at their risk management and fraud prevention programs and their track record in minimizing fraud losses. In this industry, it is essential to offer high-quality, responsive and intelligent fraud detection and prevention platforms that combine technology, a rich transaction history database, and industry best practices to mitigate risk. For example, PSCU offers 24/7 monitoring services for fraud transactions, as well as EMV technology, tokenization and any other credible risk management tools that may rise to relevance in the future.AnalyticsHow deeply and profoundly credit unions know their members’ financial picture and transactional behaviors can greatly enhance their ability to more successfully meet their needs. The application of analytics to an abundance of member data gathered from multiple sources gives credit unions the insights required to delight members. Check your prospective partner’s position and roadmap with regard to analytics because these applications can be the drivers of your most effective marketing and growth campaigns. Ask to see case studies with proof points and metrics of how their analytics solutions helped other credit unions execute their growth and service plans.Collaborative ConsultingIf your credit union could benefit from specific expertise in areas where resources and knowledge may be thin, you should make this a priority during your due diligence. A deep and experienced team of consultants well versed in all key areas of a credit union’s business – from portfolio analysis and management, to marketing and member service operations – can work wonders in taking your credit union to a higher level of business performance. As an example, PSCU’s consultant practice, Advisors Plus, recently partnered with Langley Federal Credit Union to acquire new card accounts, activate existing ones and increase card usage. Overall, Langley exceeded its $100 million balance goal for 2014, achieving 30 percent balance growth and 20 percent growth in its number of credit card accounts.My friend up north clearly sees the value in the friction-free experience of doing business with his snow blower dealer. When price alone becomes the most important criterion on which partnering decisions are made, we are effectively assigning a “friction” cost of zero dollars. Think of the last time you switched cell phone service providers. Did you have to re-enter all your speed dials or email contacts? Did your passwords carry over? Did you have to learn a new set of controls and functions? These are friction points. And the stakes rise when your decision impacts others, such as your members. The more risk, the more weight you need to assign to the friction factor.Although narrowing down a potential partner can be time consuming, the end result of gaining a long-term mutually beneficial relationship will be extremely valuable for your credit union and your members.
In my last blog post, Exponential Technology to Reshape Financial Industry, I took a closer look at artificial intelligence and quantum computing, a couple of the exponential technologies I discussed during my 2015 TMG Executive Summit opening remarks.Like artificial intelligence and quantum computing, virtual and augmented reality have great potential to drive innovation within the financial sector. With virtual reality, specifically, we are seeing the technology move from the gaming universe into other industries. Designed to give people deep, visceral, real-life experiences, virtual reality will soon be used to trigger certain behaviors.It’s a fascinating concept, and one my family and I got to experience at the Iowa State Fair just a few weeks ago. My alma mater, Iowa State University, had an Oculus Rift headset at the fair and allowed visitors to try it on. What an experience for both the wearer and the watcher! When you saw from the outside what people were experiencing inside the headset, you got a very clear picture of the immersive qualities of virtual reality. Many people had to be physically held in place as they experienced the thrill of riding a roller coaster in virtual reality – while in true reality, they were simply standing in a tradeshow display booth. continue reading » 20SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr
We work with some of the world’s biggest financial institutions, and we also work with some of the smallest. Regardless of size, these organizations have a big impact on the lives of their customers and members. They’re there for some of the biggest moments—starting a business, buying their first house or just putting aside money for a rainy day. In light of International Credit Union Day, we want to celebrate credit unions around the globe as well as our new relationship with the World Council of Credit Unions.World Council serves as an advocate and enabler for credit unions throughout the world. Credit unions play a critical role in growing access to financial services such as savings accounts, checking accounts and loans in both emerging and established markets. Moving forward, we will be working closely with World Council to bring our thought leadership and expertise to members through events in Latin America, Africa and Asia-Pacific, and to help cultivate innovative payment solutions throughout the global credit union community.Through payments trainings and other resources for credit unions worldwide, World Council aims to foster new ways to bring financial access to the world’s 2 billion unbanked population, especially women, young adults and the rural poor. This aligns with our goal to reach 500 million people, including millions of merchants, previously excluded from financial services by 2020. With MasterCard’s sponsorship, these organizations together will help credit unions in developing countries connect and network around key technologies to expand financial inclusion. continue reading » 25SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr
The availability of critical systems and the confidentiality and integrity of member data are paramount to the survival of credit unions today. According to a Forrester Research, Inc. report “Maximize Business Performance with a World-Class GRC Program” published May 16, 2014, “Unexpected events are at best distracting and at worst catastrophic for organizations. A critical element of any good GRC program is the ability to identify and understand risks that may damage the organization, then take proper precautions to prevent them from happening and to reduce the impact of the consequences should precautions fail.” To avoid damaging events, build member trust, and meet compliance requirements, it is important for credit unions to ensure they have the right processes and controls in place.The following provides an overview of the most common unimplemented controls identified during a review of the 2014 IT risk-based audits performed by TraceSecurity information security analysts. These results are not only considered industry best practices but are also seen in guidance outlined by the FFIEC, specifically the FFIEC Information Security IT Examination Handbook and Business Continuity Planning IT Examination Handbook.Establish and maintain a system hardening standard and system hardening proceduresSystem hardening is the systematic process of securing devices before placing them in production. With a well-defined hardening process, your credit union can lower the risk of attack due to default accounts, unpatched systems and flawed malware protection, among other things.Install a generator sized to support the facilityIdeally, a generator will provide power to the entire office. Alternatively, power should be available to the data center, including all critical servers, switches, routers, firewalls, security systems, video surveillance and proximity readers.Test the system continuity plan regularlyContinuity plan testing is performed to ensure the process will work and your credit union can continue to operate after a business interruption. Your credit union should consider the availability of critical staff, the equipment needed to resume operations, the methods needed to restore data, and the time it takes to restore services. The test should be performed annually. Both the business continuity and disaster recovery plan should be updated to reflect lessons learned from the testing event.Establish and maintain a documented list of protocols, ports, applications and services for essential operationsFirewalls are composed of many access lists that allow traffic to flow in and out of the network. The required list should simply document the ports and services allowed to communicate through the firewall, which devices are allowed to communicate, and the business reason for the ports in use. If vendors have Virtual Private Network (VPN) access, the list should indicate the systems they are approved to communicate with and the allowed IP addresses of the vendor.Use strong data encryption to transmit restricted data or restricted information over public networksMost credit unions assume that transmitting data over a public telephone line is safe. Encryption of all data leaving the physical safety of your office is the best defense against exposure due to misconfiguration or unscrupulous individuals.Scan for rogue and other network devices and deny access until approval has been receivedA rogue device is any piece of equipment connected to your network that has not been authorized by your credit union. A rogue device can be a wireless access point, an employee’s personal laptop or a data switch. There are many risks associated with rogue devices. Rogue protection should block access to your network until the device has been checked by IT staff and specifically allowed to connect.Communicate security awareness and the internal control framework to all constituentsA common organizational process is to communicate security awareness issues to new employees as part of their orientation, but often times credit unions fail to repeat this process after the initial hiring period. The protection of information assets is the responsibility of everyone in your credit union and requires continuing education. On-going training efforts should address new threats, as well as include reminders of common threats. A formal security awareness program should, at a minimum, include annual training.Establish and maintain a configuration management policyA policy dictating the configurations of systems offers protection by indicating the types of systems to be purchased, what can and cannot be installed on systems, and how the security of the system should be configured. In addition, the policy protects your IT department by providing standardization and defining recourse if unauthorized software is installed or services are disabled.Establish and maintain a process to control patch managementPatch management is simply the installation of software updates to mitigate known vulnerabilities in operating systems and software. To ensure all computers remain up-to-date and are not left vulnerable, your credit union’s patch management process should be monitored on an on-going basis, especially if individual workstations are allowed to download updates. Networking equipment should also be updated periodically as new operating system versions are released by the manufacturer.Perform penetration testing and vulnerability scanning on a regular basisPenetration testing and vulnerability scanning involve a three part security testing process: internal penetration testing, external penetration testing and automated vulnerability scans. In the audit context, all three portions should be implemented.Establish access rights based on least privilegeAccess to data should be limited based on job function. However, many credit unions establish users as local administrators on their workstations. As a result, users have access to all data. This is a critical issue. Access is to be granted in a granular fashion and is most easily managed by group memberships.There is nothing more potentially damaging to a credit union than an ineffective business continuity plan or security breach. Failing to implement controls that help safeguard assets can disable operations, result in regulatory violations and destroy a credit union’s brand. However, many credit unions continue to fall short when it comes to effectively managing their risk exposure.Reviewing controls currently in place and identifying potential areas of vulnerability will enable your credit union to manage risk proactively and reduce exposure. While there is no such thing as absolute protection, proper review and implementation of security controls, including those highlighted above in addition to others, will ensure your credit union’s ability to protect itself against significant risks.For more information and an in-depth review of the most common unimplemented risk controls, see TraceSecurity’s white paper “2014 IT Risk-based Audit Findings.” 89SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr,Herbert McMorris Herbert plays an essential role in providing security services for the TraceSecurity customers, such as FFIEC Information Security Audits. His experience and knowledge is also leveraged for performing both remote … Web: https://www.tracesecurity.com Details
46SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr,Carletta Clyatt Carletta Clyatt, a popular seminar speaker, is the SVP at The Omnia Group. She offers clients advice on how to manage more effectively and gain insight into employee strengths, weaknesses … Web: www.omniagroup.com Details One of the biggest complaints from credit union members is poor service or a bad branch experience. And often the go-to strategy for this is to develop member centric initiatives to show the member how much they mean to us. From more mobile banking options to a bigger assortment of lollipops in the waiting area, all these tools focus directly on the member. But, a more subtle yet powerful tool is to engage and retain top employees within your branch. Member loyalty and retention can be linked to employee loyalty and retention. Yet, one of the toughest challenges for branch managers lies in knowing how to successfully direct a staff of disengaged, weary employees.Here are 5 ways to drive change and steer your branch toward both employee engagement and member service success:Lead by exampleA great way to renew spirit and boost morale is to manage your staff the same way you ask them to manage their members: offer insight, uncover problems, and connect emotionally. Assume the role of a wise and caring consultant. Understand each worker’s unique decision-making process and grow your relationships.Who on your team responds best to brief, succinct input? Does anyone need extra guidance and support? Given everyone’s current level of stress, should you dare to set ambitious goals or keep them within easy reach? Some of your employees appreciate clear direction and specific instructions, while others feel motivated by autonomy and the opportunity to make decisions within their job parameters.Read your employees as individuals and manage to their preferences. A one-size-fits-all approach doesn’t work with members or employees.2. Get to know your people This can and should be accomplished without being too close. It’s nice when you can ask how someone’s child is doing or how those vacation plans are coming along; it demonstrates that you acknowledge and care about their life outside of work. However, avoid becoming too close with individuals on your staff. Being best buddies with one or more people on your team can create problems, such as feelings of resentment among the other associates on your team.Make individual assessments of everyday strengths, weaknesses, habits, preferences and responses. Enhance your own people skills by learning to identify the correct triggers for a maximum performance from each employee. Speak a common language. Some workers understand enthusiasm and personal anecdotes while others relate best to technical jargon and to-the-point facts. Know who’s who.Employees who say they relate to their managers exhibit a more intense sense of company loyalty and dedication, which shines through as they interact with members or perform tasks for members behind the scenes.3. Develop your teamNo one likes being in a rut; create a stimulating environment that stretches people’s minds and creativity. Try organizing some brainstorming sessions for improving branch procedures and operations. Pair seasoned employees with new ones for mentoring. Teach new skills. Groom promising employees for positions of authority – even if you know you can’t promote them right away. This intangible benefit may cost little or nothing. It helps junior employees feeling invested in the company and prepares you well for the future, when you’ll need competent leadership for a new wave of employees.4. Adopt new communication strategies Empathizing with both members and employees is essential, as everyone tries mastering the fine art of struggling through economic uncertainty and doing more with less. When change comes down the line, be as reassuring as you can. People who feel they’re being lied to or kept in the dark may look for another job, or another credit union.Plan frequent all-employee meetings to voice opinions, air concerns, resolve dilemmas and offer camaraderie. Managers adept at conveying a “we’re all in this together” mindset will more readily build and maintain a solid, resilient, growth-oriented team.5. Express your appreciationGenuine appreciation is a benefit that money can’t buy: A sincere thank you; public recognition (for your social employees); a personal handwritten note (for those who are more reserved); being available to listen and allowing employees to vent a little; pitching in yourself when the branch is very busy or short-staffed; remembering special days (birthdays, company anniversary, etc.); and the occasional free lunch.
Despite the rise of electronic payments, people still seem to need cash—even at the ends of the earth. And we mean that quite literally.In anticipation of next year’s 50th anniversary of the fist automated teller machine, the ATM Industry Association has published its “Extreme ATMs Dossier”, featuring 15 extreme ATM deployments around the world, from Antarctica to the middle of an Australian desert, as well as 10 “fun” ATMs.“At the end of last year, ATMIA ran a global competition to find the world’s most extreme and most interesting ATMs,” explains Mike Lee, ATMIA CEO. “We’re getting into a mode of celebrating the role and global expanse of the world’s 3 million ATMs.” continue reading » 3SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr