Financial Institutions & the Future
July 30, 2013
© 2013 Rehmann
Regulatory Compliance Hot Topics & Trends
Presented by: Beth Behrend
Beth A. Behrend
Senior Manager
• Compliance Services Leader for Financial Institutions
• More than 30 years of financial institution experience
– Extensive knowledge of financial institution operations and serves in an advisory role to clients within the BSA and Regulatory Compliance related areas
Audit & Review Programs
• Who owns your program?
• Scope – is it adequate?
• Risk Assessments
Bank Secrecy Act/Anti-Money Laundering
• Validation of Monitoring Programs
• Risk Rating Customers
• Enhanced CDD Programs
Fair Lending
• Increasing regulatory attention
• Increased “encouragement” to perform internal review
HMDA Data Accuracy
1. Continues to be high profile
2. Check, double check, triple check
3. Document procedures
Unfair, Deceptive or Abusive Acts or Practices
• UDAAP ramifications should be assessed for every
– Risk assessment performed
– New product introduced
– New service originated
– Office location opening/closing decision
– Advertising material
Training Programs
• Detailed
• Complete
• Monitored
Best Exam Practices
• Lead the regulator to the story you want to tell
– Formal policies
– Detailed procedures
– Updated tracking
– Regular reporting to Audit Committee/Board of Directors
– Regular review/risk assessment updates
QUESTIONS?
Financial Institutions IT Update
Presented by: Jessica Dore, CISA
Jessica Dore, CISA
Senior Manager
• Technology Risk Management
• Specializes in technology consulting & security and SOX 404 compliance
– In-depth knowledge of SOX 404 compliance, GLBA compliance and COBIT standards
– Extensive knowledge of IT systems
• Experience in leading teams and performing IT security assessments with a wide variety of clients.
IT Trends
By 2016, the number of mobile devices is expected to surpass the world’s population--an 18-fold increase between 2011 and 2016. – Cisco
In 2012, the Identity Theft Resource Center (ITRC) documented 447 breaches in the United States, exposing 17,317,184 records. In the first half of 2013, there have so far been 255 incidents, exposing 6,207,297 records.
Before 2015, it’s projected that mobile internet usage will overtake the desktop. – Microsoft
Malicious attacks (defined as a combination of hacking and insider theft) accounted for nearly 47 percent of the recorded breaches in 2012 in the United States. Hacking attacks were responsible for more than one-third (33.8 percent) of the data breaches recorded. – Privacy Rights Clearinghouse
In the 2013 AFP Payments Fraud and Control Survey, it was noted that 61% of organizations experienced attempted or actual payments fraud.
Through 2016, the financial impact of cybercrime will grow 10 percent per year due to the continuing discovery of new vulnerabilities. – Gartner
Facts & Statistics
• Anti-Phishing Working Group (APWG) reported in Q4 2012 that Financial Services remains the most targeted industry
Description of the Scheme
• Customer’s e-mail account is compromised
• Financial Institution receives an e-mail that appears to come from a customer’s e-mail account asking the financial institution to wire out money
What Can You Do?
• Ensure that proper internal controls are in place to verify the legitimacy of wires
• Continue to educate customers about IT security
Regulatory Hot Buttons
→ Vendor Management
→ Social Media
→ Remote Deposit Capture
→ Mobile Computing
Vendor Management
• Outsourced Providers – do you know where your data is being stored?
• Review your contract to ensure it clearly identifies where your data is being stored
• Perform annual due diligence review process to ensure the vendor has internal controls and is a viable business
Social Media
• Social Media Strategy
– Policies and Procedures
– Risk Assessment
• Acceptable Use Agreements
• Employee Training
• Incident Response
• Third Party Vendor Due Diligence
• Monitoring
Remote Deposit Capture
• Remote Deposit Capture Policy
• Risk Assessment
• Audit Plan
• Risk Rating of Customers/Customer Due Diligence
• Customer Audits
• Customer Training
• Communication Channel
Mobile Computing
• Mobile Device Strategy
– Policies and Procedures
– Risk Assessment
• Acceptable Use Agreements
• Authentication & Encryption
• Secure Transmission
• Device Management
• Employee Training
QUESTIONS?
Physical Security & Critical Incident Planning
Presented by: Steve Kerby
Steve Kerby
Director of Security Consulting & Insurance Defense Services
• Rehmann CIS
– 1997 to Present
– B.A. in Finance, MBA from Central Michigan University
• Specializes in fraud investigation, security consulting and risk assessments, and insurance defense services
Objectives
• Physical Security
• Importance of a strong physical security program
• Critical Incident Planning
• Are you prepared?
Physical Security
Centralized Program
• A model security program consists of cohesive policies and procedures managed by a qualified individual with the responsibility and authority to fully implement and manage the program
– The policies should address the four main areas of security:
  • physical security
  • information security
  • personnel security
  • critical incident management and response
• Consistent between locations
• Introduce security and safety component to all team meetings
• Conduct periodic training and testing on following procedures
• Well published policies signed off on by all employees annually
• Team approach with one leader involving tellers, location managers, business/member development, and I/T
Balanced Approach to Physical Security
• CRITICAL INCIDENT PLAN
• STAFF TRAINING/TESTING
• SECURITY/RISK ASSESSMENT
• THREAT ASSESSMENT
Risk Analysis
• Place Facility in Context of its Environment
– Institution incident reports
– Police/Fire/EMS Responses
– Financial Procedures and Controls
  • Cash
  • Inventory
  • Purchasing
Methodology
• Staff Interviews
• Building Tours
• Physical Security Inspection
• Comparison
• Periodic testing
The case of the missing backup tapes
The Weak Link?
EVERYONE
Critical Incident Planning
What Are We Protecting Against
• A critical incident is any event that poses a risk to the assets, people, or reputation of your institution.
– Data intrusions
– Ponzi schemes
– Weather events
– Health pandemics
– Robberies
– Workplace violence
The First 5 Minutes
1. Activate the critical incident plan
2. Contact 911
3. Secure or evacuate facility
4. Render first aid
5. Verify information with law enforcement
6. Notify appropriate institution locations and personnel
Post-Incident
• Media attention
• Fact finding
• Blame assigning
• Emergency plan critique
• Emergency response critique
• Political rhetoric
• Grief counseling
The Planning Process
Major Considerations in Planning
• Incident Scene Coordinator
• Command Center
• Incident Response Team
• Assessing Threat Level
– Monitor: potential for risk
– Stand-by: real risk exists
– Emergency: event has occurred
• Site Control Options
– Normal movement
– Suspended movement
– Lockdown
– Stay-In
– Evacuation
• Evacuation & Business Continuation
Your Role
• Know your office
• Be aware of your surroundings
• Escort members and vendors
• Document security
• Company conversations
• See something, report it
Impact to You
• Individuals harmed, injured or killed
• Disruption of business / customer service
• Financial Losses
• Employee and Customer Retention
• Reputation Damage
• Compliance Problems
Scenario One
• A teller at your location is working diligently at her station. She handles a transaction with an individual going through a divorce. This individual happens to be married to a teller that works at a different location. Upon learning that the account has been closed, this individual launches into a tirade and discloses that he/she is going immediately to the other branch and is going to kill their spouse.
• What do you do?
Scenario Two
• It is a busy day at your location with several individuals in your branch meeting with tellers and other members of the staff. Without much warning the fire alarms sound and within seconds the branch is filled with smoke.
• What do you do?
QUESTIONS?
Due Diligence
Presented by: Liz Ziesmer, CPA, CBA
Liz Ziesmer, CPA, CBA
Principal
• Director of Rehmann Financial Institutions Services
• Serves as a firm-wide resource for internal and external financial institution engagements as well as consulting to a variety of financial institutions, including community banks and SEC engagements
• Involvement in numerous financial statement, internal audit, consulting services and employee benefit plan engagements for Rehmann’s largest and most complex financial institutions
Key to Success
• Develop a Plan!
– Define your overall strategy
– Develop areas of focus, including
  • Geography
  • Culture
  • Products
  • Financial stability
Key to Success
• Establish roles, responsibility and method of reporting
– Understand the abilities of internal team
  • Consider limiting number of people involved – but more than one!
  • Sound project management skills
  • Interpersonal skills
  • Self assessment
– Areas where a third party will be necessary or most beneficial
– Establish a timeline and tracking of projects
– Expectations of those reporting to
Due Diligence
• Establish pricing, assumptions, financial modeling and risk tolerances
• Use of various outside parties to provide experience, unbiased opinions, and reduce use of internal resources time
• Establish letters of intent and confidentiality/non-disclosure agreements
• Establish timeline
– Time is often limited
– Prioritize
– Frequent communication & updates
– Open and up front discussions
• Documentation of assessment
Focus Areas
• Often, deals hit a “roadblock” based on some common areas
– Pricing
– Board and management composition
– Loan quality and allowance adequacy
– Proper full disclosure – integrity concerns
– Regulatory issues
– Contracts
QUESTIONS?
Thank you for attending!