Disaster Recovery Solution
Is your business continuity solution ready to help in a disaster?

Learn More

 

Business Continuity Solution
Is your business continuity solution ready when you need it most?

Learn More

 

ERM Solution Boston
It’s nice to meet you- stop by our booths to speak with us and see live demos.

View Events

 

Vendor Management Solution
Let WolfPAC show you a better vendor management system.

Learn More

 

Banking Technology Connections Newsletter

December 04, 2012

The Value of Insights from Financial Institution CEOs

Wolf & Company’s 2011 CEO & Board University events in Connecticut and Massachusetts were successes with more than 200 directors and CEOs of community-based banks and credit unions learning about best practices and current issues from industry experts who served as “professors” for the day.

December 03, 2012

Banking Technology Connections: December 4, 2012

Welcome to Banking Technology Connections. The goal of the newsletter is to communicate recent trends and issues facing Banking Technology Professionals.

November 26, 2012

Banking Technology Connections: November 27, 2012

 Welcome to Banking Technology Connections. The goal of the newsletter is to communicate recent trends and issues facing Banking Technology Professionals.  If you would like to subscribe to this newsletter and receive it via email please contact Sam Sexer at ssexer@wolfandco.com.

Do you foresee a day when your customers will no longer have any personal contact with your employees?  In this week's articles, it seems that this scenario is right around the corner (What Will the Branch of the Future Look Like?) As banks continue to find ways to use technology to reduce their costs, it's easy to see that the amount of employee and customer interaction will significantly decrease as well.  Is this something your Board is ready for?  Is your Board open to the idea of chat sessions or video screens being your customers' primary point of contact? While there are many cost saving advantages, community banks should make sure these technologies remain in line with their strategic Plans.  Just getting the technology because it's "the latest" or cool is not a good option!

November 19, 2012

Banking Technology Connections: November 20, 2012

 Welcome to Banking Technology Connections. The goal of the newsletter is to communicate recent trends and issues facing Banking Technology Professionals.  If you would like to subscribe to this newsletter and receive it via email please contact Sam Sexer at ssexer@wolfandco.com.

In this week's list of articles, we see that "the checkers" are not necessarily following what they preach (SEC left computers vulnerable to cyber-attacks). Although it may not come as a surprise to some that a government agency is not following rudimentary security rules, what we did find surprising was the blame the agency put on its employees for failing to encrypt their laptops.  Organizations need to take ownership of their IT governance programs and do whatever possible to make sure their employees have the ability to protect data.  While mistakes are sometimes made due to employees not following policy, it is often the case that the policies are either weak or not communicated very well.  Your employees are your assets and the reason for your success.  Help them focus on their primary objectives while providing them with the appropriate technology and training to keep your data safe! {C}

November 12, 2012

Banking Technology Connections: November 13, 2012

 Welcome to Banking Technology Connections. The goal of the newsletter is to communicate recent trends and issues facing Banking Technology Professionals. If you would like to subscribe to this newsletter and receive it via email please contact Sam Sexer at ssexer@wolfandco.com.

Interested in creating a Distributed Denial of Service (DDoS) on a website?  We assume your answer is no, but what about a disgruntled employee or customer?  The risk of a DDoS attack used to be low because most people lacked the ability to run such a complicated attack.  Unfortunately, in one of the articles this week, we see that the ability to perform an attack is as easy as entering a credit card number and website address (Where to Rent a Botnet for $2 an Hour or Buy one for $700).  While you obviously can't prevent an attack, you can mitigate any issues it may cause by taking a few preemptive measures.  For instance, check with vendors to make sure they have a response plan.  Make sure employees understand the threat and its implications, and that they're armed with the necessary information to discuss with customers need be.  Most importantly though, be careful that the DDoS is not trying to distract you from other types of attacks that may occur at the same time!

November 05, 2012

Banking Technology Connections: November 6, 2012

 Welcome to Banking Technology Connections. The goal of the newsletter is to communicate recent trends and issues facing Banking Technology Professionals.  If you would like to subscribe to this newsletter and receive it via email please contact Sam Sexer at ssexer@wolfandco.com.

One Tuesday each month we will feature comments from our professionals on topical issues.  This month's contributor is Tony Luciani, a Senior Auditor in the IT Assurance Services group.  Please feel free to contact Tony with any questions at tluciani@wolfandco.com.

In one of this week's articles (Regulators Outline Procedures for Monitoring Technology Vendors), we see that the Federal Financial Institutions Examination Council (FFIEC) has produced new guidance in the form of a revised Supervision of Technology Service Providers (TSP) booklet.  The guidance further addresses the legal authority of federal financial regulatory agencies, FRB, OCC, and FDIC, to supervise third-party servicers that enter into contractual arrangements with regulated financial institutions.  It also outlines the agencies' risk-based examination priority ranking program, which describes their Uniform Rating System for Information Technology (URSIT).  The Agencies use this rating system for Financial Institutions as well as for the TSPs.

In the TSP booklet, the FFIEC strongly emphasizes that directors and managers of financial institutions are ultimately responsible for ensuring outsourced activities are conducted in a safe and sound manner that's in compliance with applicable laws and regulations.  While examinations of TSPs generally focus on underlying IT risk, the risk assessment process also considers business-line risk rankings to ensure that all covered services are effectively included.  The agencies expect financial institutions to have a comprehensive, enterprise-wide risk management process in place that addresses vendor management relationships with TSPs.  The risk management process should include risk assessments and due diligence for the selection of TSPs, contract development and ongoing monitoring of all TSPs' performance. 

 

Please Note: Outsourced activities are subject to the same risk management, security, privacy, and other internal controls and policies that a financial institution would follow if it were to perform the activities in-house.{C}

Pages