Cyber-security is more than a cool "buzzword." It is a critical component of safeguarding and protecting your information and that of your customers. Almost every day, we hear of a new high-profile security breach that compromises confidential company and customer information. Not only are there financial implications to these breaches, but a hard-earned reputation can be destroyed in literally the time it takes for a few intrusive "keystrokes."
Our Network Vulnerability Assessments are comprehensive in nature and include full evaluations of both internal and external network components. We also provide a complete spectrum of Social Engineering test protocols, which test the human interface to systems. This human interface is widely accepted as the most insecure layer of security between sensitive information and unauthorized persons. We provide clear, concise reports that tell your executive team what they need to know—how many vulnerabilities you have, and how severe they are—and they won’t need a translator to read the report. We also provide the details so your administrative team can get straight to work addressing the issues.
INTEREST RATE RISK (IRR) MANAGEMENT
Exposure to Interest Rate Risk has garnered a significant amount of attention over the past several years, and rightfully so. Excess liquidity and demand for high quality loans compressed investment and loan yields. While banks have experienced an unprecedented run of historically low deposit (liability) rates, the ability to manage your net interest margin is paramount. Given a twist on the old saying, “what goes up, must come down,” it is likely that within the next year or so, “what has come down will certainly go up.” So unless you have a crystal ball and can forecast when, how much, and how sharply rates will move, what steps can you take to ensure that your institution’s income statement and balance sheet are relatively risk “neutral” (i.e., not subject to unplanned rate change)?
We provide a comprehensive audit of your IRR policies, procedures, risk management processes and model. Our review drills down into the key assumptions of your IRR model that will either make it a sound, strategic planning tool or just a practice to satisfy regulators. We also provide industry "best practices" that will enhance your monitoring capabilities and ensure Management and the Board have the right information to steer a prudent Asset/Liability Management course. Finally, our reports will provide an independent "back-test" of the predictive accuracy of model output - so you know whether to trust the predictions and output of your model.
There have been many changes to the regulations in 2015 and 2016 that affect both Lending and Operations Compliance. It is often difficult for community banks to stay focused on these changes, track proposed changes and adapt procedures and processes to incorporate the updated rules. The areas affected include: Truth in Lending Act (TILA) and the Real Estate Settlement Procedures Act (RESPA) Integrated Disclosure (TRID) (effective October 3, 2015), Flood Insurance (requirement to escrow Flood Insurance premiums effective January 1, 2016).
We have been focused on these changes, and continue to track proposed changes to adapt our audit testing to incorporate the updated rules. We have experienced associates ready to assist you with these matters and provide practical feedback for achieving compliance in an efficient manner.
As the reliance on software to assist banks in identifying suspicious or high-risk activity has increased, the OCC issued guidance in 2011 (with the FDIC and FRB following with their own guidance) that has received a lot of attention from the BSA examiners of late. The guidance provides a framework for effective model risk management, stating that this includes “appropriate governance and control issues such as board and senior management oversight, policies and procedures, controls and compliance, and structure. Sound development, implementation, and use of models are also vital elements.” The guidance can be found at: http://www.occ.treas.gov/news-issuances/bulletins/2011/bulletin-2011-12a.pdf
Our team can perform a system validation that meets regulatory expectations including:
Review of all applicable AML/BSA policies and procedures associated with the use, set-up, maintenance and output review of the software.
Evaluate the adequacy of set-up, maintenance and review of the software in relation to the Bank’s enhanced “due diligence” for high-risk accounts and whether the software system adequately monitors said accounts based on the output provided.
Review the parameters and control records input into the software to ensure that they are reasonable and reflect prudent banking practices and industry standards.
Ensure that an internal certification process is in place to verify that the software is working correctly and balances with other information systems.
Assist in the comprehensive review of the system’s rule base to determine that rules are appropriately set, and consequently capture all suspicious activity in accordance with FFIEC AML Rules and Regulations (FFIEC AML Examination handbook).
Confirm that the Bank has an appropriate “change control” process in place to ensure that any modifications or updates to the parameters or “rules” in the system are properly approved, documented and reported.