Apr 18, 2018 11:00:00 AM
Jan 24, 2018 11:00:00 AM
January is strategically important for the European countries that faced this month’s PSD2 directive deadline. This requires banks to facilitate access via APIs to customer accounts, provide account information to third-party apps, and support payment initiation services upon a customer’s explicit consent. Here in the U.S., some believe open banking is coming, even without a similar mandate. (McKinsey defines open banking as a collaborative model in which banking data is shared between two or more unaffiliated parties to deliver enhanced capabilities to the marketplace.)
Jul 12, 2017 11:45:00 AM
Much like buying a house, your choice of an Enterprise Content Management System and conversion of legacy data is a huge decision that could lead to your dream home or a money pit. Let’s use a house hunting analogy to help illustrate the things you must consider when performing a data conversion into a new ECM solution.
Topics: Data Management
Jun 7, 2017 11:30:00 AM
Disaster Recovery (DR) is one of those topics that businesses, including financial institutions, don’t like to talk about with much of a recurring frequency, although recent events show that this topic should be discussed with much greater regularity. Here in my part of the country, there’s a series of TV commercials airing for a regional insurance company that provides auto, home, and life insurance. The 60-second commercials run through a flurry of activities in the character’s life, showing you just how much things can change over a couple of decades, and that hopefully, you have (or the character has) kept all insurance policies up-to-date to stay in sync with all of life’s happenings. And, it just so happens that this insurance company offers an annual review to make sure that their coverage is keeping up with your life.
For a lot of you, your DR program is viewed as insurance. In case something happens, there’s a program in place to bail you out when that bad thing happens. In today’s world, it’s really more of a question of when, not if, that bad thing will happen. (Ransomware, anyone?) But, is your insurance (DR program) potentially as outdated as an insurance policy that hasn’t been examined over the past decade?
May 31, 2017 11:55:00 AM
I’ve been getting a lot of questions recently about the meaning of Cyber Resiliency.
What is Cyber Resiliency?
Wikipedia’s definition: “Cyber Resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events.” In other words, it’s a migration from the strategy of protection by prevention only – into a posture of proactive readiness to address a cyber security breach or hack on every level, when it occurs, in a manner that is much less reactive than previously deemed acceptable. It’s not if you experience a breach … it’s when.
Identifying the steps that are necessary to recover and resume your business operations once a breach occurs is absolutely critical for your FI. Having rehearsed those steps, answered the myriad of questions, and identified multitudes of “what ifs” is a huge part of what could equate to your successful recovery from such an incident. If you fail to plan, you plan to fail. This is never as true as in the incident of recovery from some kind of catastrophe – cyber or otherwise. As the rate of malware infections rise exponentially, and the rate of ransomware reaches an all-time high, we understand the duty you have to protect your customers’ information and to resume your operations as swiftly and efficiently as possible after the event.
May 3, 2017 11:30:00 AM
Over the next year, European Union Member States will be scrambling to implement the revised Payment Services Directive (PSD2) which goes into effect in January 2018. In a nutshell, PSD2 is an EU directive that will require all banks operating in Europe to expose customer account data for retrieval and provide payment services for use by authorized external entities. These Third Party Providers will be empowered to retrieve customer account information as well as initiate payments directly to bank systems if their customer provides them the authorization to do so. European banks are now on the hook to develop and provide programmatic interfaces (API’s) for outside organizations to tap into, whether the banks like it or not.
Mar 15, 2017 11:15:00 AM
With mergers and acquisitions, changing systems, or decommissioning systems, data conversions are inevitable. Without proper planning, you may expose your financial institution to missing data, data breaches, conversions dragging on for months and months, legacy hardware failure, recurring maintenance cost, increased staffing, and efficiency delays, among other risks.
With proper planning data conversions can go smoothly. The following tips can help you speed up the arrival of your data and insure the quality and accuracy of your conversion.
Topics: Data Management
Mar 8, 2017 11:30:00 AM
“It’s time for bed little mouse, little mouse. Darkness has fallen all over the house.”
As a credit union executive, does this children’s nursery rhyme apply to you? Answers may vary, but for most, the answer is likely to be no.
In today’s highly competitive financial services environment, delivering innovative, self-service solutions to your members is critical to long-term success. Turning out the lights and “sleeping” is difficult because delivering these solutions 24 x 7 x 365 is mandated as the norm. With increased regulatory scrutiny, the burden of increased compliance requirements, and more than a decade of low interest rates, your ability to successfully meet all the demands of the marketplace is as challenging as ever.
One prevalent industry trend that is offering relief to credit union executives is outsourcing. So why would you consider outsourcing your core?
Topics: Data Management
Feb 15, 2017 11:15:00 AM
Picture this: As you make preparations for your test, you decide what you want to test, you gather sample transaction and maintenance activities, and you grab a large capacity, secure USB device, and you start backing up all of data from your various platforms and applications that you’ll need for your test. You do this all at the same time, so that you know everything you need is nice and neat, well-coordinated, and all in one place.
While this all may sound great, and be eerily similar to what you’re doing – there’s a big problem here. Unfortunately each year, I see customers taking action that leads them to that first fatal step during their test that brings into question the likelihood of a successful recovery whenever they have an actual disaster.
Jan 4, 2017 11:15:00 AM
You may have noticed 2016 was quite the busy year for IT regulatory compliance. OK, that’s probably a bit of an understatement.
Last year saw the release of Appendix E on Mobile Financial Services, the new InTrex exam format, the updated Information Security Handbook, and the promise of more to come in 2017. With this plethora of information being directed at financial institutions (FIs), I wanted to take this opportunity to highlight one particular factor that is already coming under examiner scrutiny-incident response. I have written about incident response a couple of times in the past. In fact, in my previous blog I provided some best practice items for FIs to consider in their Incident Response Plans. But with increasing attention on this subject, I think it is necessary we re-visit a couple of established incident response standards and acknowledge a new best practice.