Manage Your Risk Utilizing Collaborative Partnerships to analyze, simplify, compare & strategize.
Post on 20-Jan-2016
213 Views
Preview:
Transcript
Manage Your RiskUtilizing Collaborative Partnerships to analyze, simplify, compare & strategize
Agenda/Topics To Be Covered
• Who’s Who
• Information Security Program
• Using the Risk Management Report Generator Web Site
• Using Related Services for Overall Structure
• What else is new for Auditing, Reporting & Compliance
Information Security ProgramAppendix A of Part 748, NCUA Rules, GLBA
MUST:
• Involve Board
• Risk Assessment
• Risk Management
• Training
• Testing
• Service Provider Oversight
• Adjustments
Board Involvement
• Ultimate responsibility
• Approved policies
• Annual reports
• Security committee
• Breaches
Risk Assessment
• Identify threats i.e. member data…disclosure and destruction
• Assess potential damage
• Policies sufficient to monitor and manage the risk
Risk Management
• Protecting against the threats and mitigating risk
– Monitoring systems
– Dual control
– Employee controls
– Physical controls
Training
• Recognizing the risk
• Making it part of everyday process
• Reporting unauthorized attempts
• Federal and State Requirements, GLBA
Adjustments“you’re never done”• Reflect changes to technology
• New threats
• Business arrangements
• Services and products
Response Programs
• Assessment of access
• Notification of regulatory authorities
• Containment
• Notification of members “All, specific, none”
Oversight of Third Party Providers
• NCUA Letter 08-CU-09
• NCUA Letter 07-CU-13
• FFIEC
• During the selection process
• During the contract process
• For on-going monitoring
WHEN DOES IT APPLY• Involves a new financial service activity
• Materially affects revenues and expenses
• Involves member data
• Involves marketing of CU products by a third party
• Involves subprime lending or card payment transactions
• Poses risk that could significantly affect earnings or capital
What is the Risk Management Report Generator Site?
• Your tool for evaluating third party relationships
• Creating a community of responses
• Serves as vault to store your reports and vital contract data
• Allows you to complete your annual reviews
• Follows NCUA guidelines as originally adopted in the letter to CU’s
http://rmrg.cuanswers.com/
Activity for 2010
• 100 Users
• 160 Reports created
• 40 Vendors
Where are we at today
• 122 Users
• 296 Reports created
• 288 Vendors
Vendors
• Most Common Vendor types:
– Insurance
– Mortgage
– Financial
– Collection
– Shredding services
– Janitorial
– Statement Providers
Credit Unions are saying…
• Feedback
– Easy to use.
– Good educational start with
canned responses
– Excited to show examiners
– It’s Free!!
– Great single repository for all
reports
• Improvements
– Email notification to renew
report?
– Scanning contracts
What is coming
• Review dates
• Proliferating vendors outside of the cuasterisk network
• Promoting additional responses
• Audit Link Offerings
– ACH
– BSA
– Audit Link Lite
Another Tool: Concentration Risk Analysis
• Model for predicting concentration risk in investment portfolios
• Includes Historical Loss Ratio and Credit Risk calculations
• Portfolios will be shock tested based on potential economic impacts to the portfolio, and will also include tests based on portfolio growth
• Clear and concise recommendations will be made based on test results
• Sample policies are also available upon request
Sample Concentration Risk Analysis
Item Finding Result Actions Required
Capital Ratio 10.00% SafeNone
Credit Risk Segmentation
710 SafeNone
Managed Concentrations
125% Aggregated Business Real Estate
MonitorCredit Union must justify and monitor
120% Residential Real Estate (1st)
MonitorCredit Union must justify and monitor
Static Test Results 9.26% Capital Ratio Safe None
Dynamic Test Results 9.07% Capital Ratio Safe None
Risk Limits 8.90% Capital Ratio Safe None
Named Borrower 17.50% Business 3 Monitor Credit Union must justify and monitor
Conclusion – You Should now know
• Why is it important for me to use RMG Site?
• Who do I contact if I have questions regarding the Risk Management Report Generator Site?
• Who do I contact if I would like to participate in any of the other services highlighted today?
• How much does it cost?
Linking the powers together is your key to success!
• Jim Vilker- jvilker@cuanswers.com
• Joe Spenski – jspenski@cuanswers.com
• Patrick Sickels – psickels@cuanswers.com
• 800-324-3478
top related