Manage Your Risk Utilizing Collaborative Partnerships to analyze, simplify, compare & strategize.

Manage Your RiskUtilizing Collaborative Partnerships to analyze, simplify, compare & strategize

Agenda/Topics To Be Covered

• Who’s Who

• Information Security Program

• Using the Risk Management Report Generator Web Site

• Using Related Services for Overall Structure

• What else is new for Auditing, Reporting & Compliance

Information Security ProgramAppendix A of Part 748, NCUA Rules, GLBA

MUST:

• Involve Board

• Risk Assessment

• Risk Management

• Training

• Testing

• Service Provider Oversight

• Adjustments

Board Involvement

• Ultimate responsibility

• Approved policies

• Annual reports

• Security committee

• Breaches

Risk Assessment

• Identify threats i.e. member data…disclosure and destruction

• Assess potential damage

• Policies sufficient to monitor and manage the risk

Risk Management

• Protecting against the threats and mitigating risk

– Monitoring systems

– Dual control

– Employee controls

– Physical controls

Training

• Recognizing the risk

• Making it part of everyday process

• Reporting unauthorized attempts

• Federal and State Requirements, GLBA

Adjustments“you’re never done”• Reflect changes to technology

• New threats

• Business arrangements

• Services and products

Response Programs

• Assessment of access

• Notification of regulatory authorities

• Containment

• Notification of members “All, specific, none”

Oversight of Third Party Providers

• NCUA Letter 08-CU-09

• NCUA Letter 07-CU-13

• FFIEC

• During the selection process

• During the contract process

• For on-going monitoring

WHEN DOES IT APPLY• Involves a new financial service activity

• Materially affects revenues and expenses

• Involves member data

• Involves marketing of CU products by a third party

• Involves subprime lending or card payment transactions

• Poses risk that could significantly affect earnings or capital

What is the Risk Management Report Generator Site?

• Your tool for evaluating third party relationships

• Creating a community of responses

• Serves as vault to store your reports and vital contract data

• Allows you to complete your annual reviews

• Follows NCUA guidelines as originally adopted in the letter to CU’s

http://rmrg.cuanswers.com/

Activity for 2010

• 100 Users

• 160 Reports created

• 40 Vendors

Where are we at today

• 122 Users

• 296 Reports created

• 288 Vendors

Vendors

• Most Common Vendor types:

– Insurance

– Mortgage

– Financial

– Collection

– Shredding services

– Janitorial

– Statement Providers

Credit Unions are saying…

• Feedback

– Easy to use.

– Good educational start with

canned responses

– Excited to show examiners

– It’s Free!!

– Great single repository for all

reports

• Improvements

– Email notification to renew

report?

– Scanning contracts

What is coming

• Review dates

• Proliferating vendors outside of the cuasterisk network

• Promoting additional responses

• Audit Link Offerings

– ACH

– BSA

– Audit Link Lite

Another Tool: Concentration Risk Analysis

• Model for predicting concentration risk in investment portfolios

• Includes Historical Loss Ratio and Credit Risk calculations

• Portfolios will be shock tested based on potential economic impacts to the portfolio, and will also include tests based on portfolio growth

• Clear and concise recommendations will be made based on test results

• Sample policies are also available upon request

Sample Concentration Risk Analysis

Item Finding Result Actions Required

Capital Ratio 10.00% SafeNone

Credit Risk Segmentation

710 SafeNone

Managed Concentrations

125% Aggregated Business Real Estate

MonitorCredit Union must justify and monitor

120% Residential Real Estate (1st)

MonitorCredit Union must justify and monitor

Static Test Results 9.26% Capital Ratio Safe None

Dynamic Test Results 9.07% Capital Ratio Safe None

Risk Limits 8.90% Capital Ratio Safe None

Named Borrower 17.50% Business 3 Monitor Credit Union must justify and monitor

Conclusion – You Should now know

• Why is it important for me to use RMG Site?

• Who do I contact if I have questions regarding the Risk Management Report Generator Site?

• Who do I contact if I would like to participate in any of the other services highlighted today?

• How much does it cost?

Linking the powers together is your key to success!

• Jim Vilker- jvilker@cuanswers.com

• Joe Spenski – jspenski@cuanswers.com

• Patrick Sickels – psickels@cuanswers.com

• 800-324-3478