JHA_HeaderImage_Blog_v2.png

Higher Rates = Happy Days?

Posted by Bill Kirsten

Feb 8, 2017 11:30:00 AM

"Happy days are here again
The skies above are clear again
So let’s sing a song of cheer again
Happy days are here again"

(From FDR’s theme song for the 1932 presidential campaign)

The Federal Reserve increased interest rates … finally! Market rates are rising too. And more are to come, so they say. Let the good times roll!

Read More

Topics: Payments, Risk Mitigation

The New Reality of Incident Response Plans

Posted by Jennifer Roland-Vlach

Jan 4, 2017 11:15:00 AM

You may have noticed 2016 was quite the busy year for IT regulatory compliance. OK, that’s probably a bit of an understatement.

Last year saw the release of Appendix E on Mobile Financial Services, the new InTrex exam format, the updated Information Security Handbook, and the promise of more to come in 2017. With this plethora of information being directed at financial institutions (FIs), I wanted to take this opportunity to highlight one particular factor that is already coming under examiner scrutiny-incident response. I have written about incident response a couple of times in the past. In fact, in my previous blog I provided some best practice items for FIs to consider in their Incident Response Plans. But with increasing attention on this subject, I think it is necessary we re-visit a couple of established incident response standards and acknowledge a new best practice.

Read More

Topics: Risk Mitigation, Data Management

Storing Data in a Mountain… So What?

Posted by Tammy Bangs

Nov 30, 2016 11:15:00 AM

It’s no secret that pirate folklore included countless tales of buried treasure. One famous pirate, Captain William Kidd, was even noted as having buried his loot off the coast of Long Island because to him, the safest place to store what was most important to him was under the ground.

Today, the same principle is being applied to many financial institutions around the world (in a more positive light this time around). Many banks and credit unions rely on their data so much that a crucial malfunction resulting in the loss of that data would be devastating to both the financial institution and their customers. In an effort to preserve their data, these FIs have opted to bury their information underground … literally!

Read More

Topics: Risk Mitigation, Data Management

How Can I Improve My Incident Response Plan?

Posted by Jennifer Roland-Vlach

Jul 6, 2016 10:05:00 AM

Incident Response Plans have been a critical component for financial institutions (FIs) for quite some time now.

The foundation was outlined as part of GLBA and guidance was later issued on the requirements for these response programs where customer information had been accessed. So this raises the question, if Incident Response Plans have been a necessity for so long, why do so many FIs continue to have ineffective plans in place? I can only speculate as to the reasons why; however, I do know that the expectations for Incident Response Plans are beginning to change. I have spoken with a number of institutions who have shared that their examiners are honing in on Incident Response Plans. With this increasing focus on plans, I want to share with you a few of the most critical pieces that I often see missing from Incident Response Plans.

Read More

Topics: Information Security, Risk Mitigation

"What Do We Do With IT?" - Why Execs and IT Must Be on the Same Page

Posted by Eric Flick

Feb 17, 2016 10:00:00 AM

I've been working with IT since high school. When I was a high school senior over 30 years ago, a small startup company named Apple was giving away computers to school corporations in an effort to interest people in learning more about their creation. I was hooked! I attended a small high school, but it still seemed odd to me even then that I was the only person really interested in this amazing piece of technology. The question kept coming up from teachers, school administrators and other students, "what do we do with it?".  

Read More

Topics: Financial Services Industry, Risk Mitigation

How to Perform an Acquisition without Losing Your Legacy

Posted by Darlene Stoltz

Sep 1, 2015 9:42:12 AM

As scholar once said: If you fail to take care of your legacy you’re left with nothing! So true, in so many ways. In the last 6 months mergers and acquisitions are once again on the rise in the financial arena. Thus, there is a direct correlation to this phrase and protecting what you have acquired is key. Legacy core banking systems and acquisition data involves multiple data warehouses and various transactional systems, which add up to a high total cost of ownership and require constant integration and interoperability updates.  Increased retention regulations and compliance involving the tracking of financial transactions on acquisition and customer data have augmented banks’ responsibility, forcing them to maintain the data and its accessibility and provide greater transparency to regulators.  Therefore, the ownership of this data and protecting this “legacy” archive becomes very important and should be considered early in your acquisition strategy. Here are several factors to consider:

Read More

Topics: Information Technology, Risk Mitigation

Compliance, the Missing Piece to a Managed IT Service Puzzle

Posted by Jennifer Roland-Vlach

Sep 1, 2015 9:26:00 AM

As IT environments are becoming increasingly complex, more community financial institutions are looking to outsource monitoring and management of some of their entire IT infrastructure. As anyone who has ever been part of a new product or service implementation knows, there are times when certain items seem to fall off the radar. Of course, this does not always happen intentionally. Given the complexity of implementing new products and services, especially a managed IT service, it is likely that steps to address risk/compliance will either be overlooked or postponed to be dealt with at a more convenient time.

Read More

Topics: Information Technology, Risk Mitigation

Get a Head Start with Education on Pending Social Media Guidance

Posted by Karen Crumbley

Aug 28, 2015 4:26:54 PM


 “Hey, look here…” as Uncle Si from the Duck Dynasty TV show would say, “I live by my own rules (reviewed, revised and approved by my wife)…but still my own.” 

Si’s quote reminds me of Social Media: Consumer Compliance Risk Management Guidance: Proposed Interagency Guidance, an OCC bulletin released in January of 2013 that outlines proposed guidelines for Financial Institutions (FIs) communicating via social media channels.  Similar to Si’s comment, FI personnel will soon be required to follow social media communication standards that are reviewed, revised and approved by FI management. The OCC bulletin [Docket No. FFIEC-2013-0001] provides straightforward insight for managing risks related to social media.  However, even with the detail provided there is still much to learn about this guidance.  For example:

Read More

Topics: Risk Mitigation, Cybersecurity

So you've launched a Mobile Banking App, are you ready for a Behavior Change?

Posted by Jackie Marshall

Aug 28, 2015 4:24:39 PM


In last February’s blog – Best Practices for Building an Enterprise Wide Electronic Channel Strategy, I wrote that financial institutions should consider a paradigm shift in strategy that includes a focus on e-banking services, service components, and delivery channels.

This strategy is also important as the process will help determine how all banking delivery channels may change after deploying mobile banking. What’s key in this risk based approach is development of an effective delivery channel mix for future online and face-to-face banking interactions. Prolific use of mobile devices doesn’t necessarily spell the demise of traditional banking channels, but instead, powers customer’s demand for more information and interaction through multiple touch-points, some of which must be available anytime, and anywhere.

Read More

Topics: Risk Mitigation, Mobile Banking

Business is About People (and Their Data)

Posted by Eric Flick

Aug 19, 2015 4:08:47 PM

While it may sound cliché, our customers and employees are people.  Without them, our business doesn’t exist.  And, in this always on world, we live in, its mind boggling the amount of data that any one individual can generate.  Do an internet search of your name, your phone number, and your home address.  You may be astounded at what comes up.  There is data about you everywhere.  If you work for a financial institution (FI), your customers and members expect the data that you have related to them to be safe, secure, and available.  Surprisingly, of those three, secure may be the most straightforward, but that’s a different conversation.  We work with dozens of prospects and customers each and every week as they look at the gigabytes and terabytes of data they have across a myriad of platforms.  Beyond secure, how do they keep that data safe and available should they experience a business disruption to their data center? 

Read More

Topics: Information Security, Risk Mitigation

Subscribe to Email Updates

Untitled Document Untitled Document