Strunk’s Issue Manager software simplifies issue resolution & improves risk management

/in , , , , , , /by

Managing issues can be a cumbersome task for financial institutions, whether it’s tracking incidents, customer complaints, or audit and exam findings. The issue management process involves maintaining an issue log with action items, due dates, and responsible team members, often blurring the lines between issue management and project management. Standardizing your financial institution’s issue management program can improve efficiency and strengthen your Enterprise Risk Management program. Strunk’s Issue Manager software can quickly and efficiently identify and resolve issues for financial institutions.

Strunk’s Issue Manager Software:

• Define the issue, the source it came from, and who reported it.
• Details of the issue and attach any supporting document that you would like to support your issue (ex: audit findings, issue report, incident report or customer compliant report).
• Ability to prioritize issues to address the highest priorities first, moving down the line to the less urgent ones.
• Create a corrective action plan to develop the action items management will take to correct the issue, along with due dates and responsible team members.
• Track the issue’s progress as it moves toward resolution while creating a due date for it.
• Receive notification as the progress in correcting the issue within the agreed-upon timeframe.
• Create reports for internal use, auditors, and external use to help ease the remediation process.

Strunk’s Issue Manager software simplifies issue resolution, improves risk management, and enhances business operations.

Strunk Announces Completion of 2024 SOC 2

/in , , , /by

Strunk, LLC is pleased to share the news that we have recently completed our System and Organization Controls (SOC) 2 (Type II) Audit.

The SOC 2 audit is one the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls with respect to information security and has been something Strunk is proud to provide our clients for the past 13 years.

We obtained our audited SOC 2 Report by partnering with Johanson Group who respectively review our internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup management, business continuity and disaster recovery, security incident response, and other critical areas of our business.

Thanks to a team effort here at Strunk, and with the help of our trusted partner Johanson Group, we successfully achieved SOC 2 compliance and received an Auditor’s Report, which we are happy to share with all clients via our secure due diligence portal. Strunk’s infrastructure was found to meet or exceed the SOC 2 criteria. In fact, by partnering with Johanson Group, we can confidently say we go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance to the SOC 2 framework 24/7/365, not just during the audit window.

We believe the relationship with our clients must be built on trust. The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain that trust. SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our clients’ needs.

Standard Reports Available in ODP Manager

/in , , , , , , /by

Strunk’s ODP Manager hosted software includes a standard suite of reports that summarize the information from the most recent extract file imported. These reports can be used by management and by daily users to analyze ODP Program performance and assist with program compliance.

The Summary Report includes totals for overdrawn and not overdrawn accounts, number of accounts by ODP Status Codes, and recommended totals for overdrawn accounts reserve by branch and product. A trend graph displays the accounts with limit, the used commitment, and aggregate privilege over time. NSF and OD Fees and Refunds are also displayed in bar charts. Additional overdrawn account information and reserve information is summarized in the Overdraft Detail Report and the Overdraft Aging Report.

The Overdraft Aging and New Accounts Reports show individual accounts that should be reviewed daily to determine the assignment and removal of overdraft limits. The Fresh Start Tracking Report allows users to monitor accounts with Fresh Start Repayment Plans. The Letters Printed YTD report allows your institution to track the total number of letters and which letter templates are generated by month and year.

The Status Tracking and Heavy OD Users Reports show accounts that do not currently have overdraft limits assigned. These accounts should be reviewed at least quarterly to determine if the accounts now meet the qualifying criteria to be assigned an OD Limit. Consistent review of these accounts will help maintain a high percentage of eligible accounts in the Overdraft Privilege Program.

The Utilization Analysis, Opt-In Impact Analysis, and LOC/Sweep Analysis reports focus on performance analysis.  These reports include a Branch Summary and Product Summary table. Monitoring the percent of accounts with overdraft limits and the percent of accounts opted in for Regulation E is very important to maintaining or improving ODP program performance. The LOC/Sweep Analysis Report allows comparison of the number of accounts with ODP to the number of accounts with other options to cover overdrafts, such as lines of credit or sweeps from other deposit accounts.

If you have any questions about reports available in hosted ODP Manager, please contact Strunk Support at support@strunkaccess.com to find out more.

Strunk Response to January 2024 CFPB Proposed Changes to Overdraft Fees

/in , , , , , , /by

In mid-January of this year, the Consumer Financial Protection Bureau (CFPB) proposed a new rule to restrict overdraft fees charged by very large financial institutions (Those with assets over $10B). View the PDF of the Proposed Rule with Request for Comment here:

https://files.consumerfinance.gov/f/documents/cfpb_overdraft-credit-very-large-financial-institutions_proposed-rule_2024-01.pdf

When the Board of Governors of the Federal Reserve System first adopted Regulation Z in 1969, it excepted from Regulation Z’s definition of finance charge any charges for honoring checks that overdraw a checking account unless the payment of the check and imposition of the fee were previously agreed upon in writing. The Board subsequently made “minor editorial changes” to this exception, (e.g., to reflect “items that are similar to checks), such as negotiable orders of withdrawal. Under the new proposed rule, Regulation Z would generally apply to overdraft credit provided by very large institutions unless it is provided at or below costs and losses as a courtesy to consumers.

The proposed rule would accomplish this by updating two regulatory exceptions from the statutory definition of finance charge. First, the proposal would update an exception that currently provides that a charge for overdraft is not a finance charge if the financial institution has not previously agreed in writing to pay items that overdraw an account so that the exception would not apply to “above breakeven overdraft credit”. Second, the proposal would update a related exception that provides that a charge imposed in connection with an overdraft credit feature (e.g., a charge for each item that results in an overdraft) is not a finance charge if the charge does not exceed the charge for a similar transaction account without a credit feature (e.g., the charge for returning each item). The CFPB has provided two options to very large financial institutions to determine whether an overdraft charge is considered above breakeven overdraft credit. A financial institution may calculate its own “breakeven standard,” charging a fee required to cover losses and direct costs related to the provision of courtesy overdrafts; or a financial institution may use a “benchmark fee” of either $3, $6, $7, or $14, determined by the CFPB by analyzing charge-off losses and cost data.

The proposed rule represents a pivotal development in consumer finance regulation and would have a negative impact on the financial industry and consumers. Overdraft protection has been beneficial to millions of consumers since its inception. Research supports the fact that consumers who use overdraft protection, especially those who use it frequently, value the service. Even the Consumer Financial Protection Bureau’s (CFPB) research supports this fact. Furthermore, the CFPB has access to consumer complaint data in its own database, showing that complaints regarding overdraft protection and fees are extremely low. Strunk believes that a regulatory agency essentially setting limits on fees that can be charged by a financial institution sets a very dangerous precedent.

At present, the proposal pertains to financial institutions under the CFPB’s jurisdiction – those with assets over $10 billion. It is unclear what the impact will be on institutions with assets of $10B and below. However, if this proposal is enacted, the possibility exists that it will be adopted by other regulatory bodies. Also, regardless of additional regulatory action, all institutions may feel “competitive pressure” to follow the standard set by the very large financial institutions.

For now, no changes to existing overdraft programs should be made prior to knowing exactly how this process will play out. When discussing Overdraft Privilege and the current regulatory landscape, Strunk always emphasizes two things:

  1. If you charge a sustained or continuous overdraft fee today, discontinue this practice immediately. Strunk has never endorsed that practice, and it is a flash point for regulators.
  2.  If you charge re-presentment OD fees, discontinue this practice as well and investigate the 24-month look-back restitution to consumers. This is an area where regulators have come out with clear guidance in the last 18 months and Strunk has previously issued recommendations to clients.

If your organization has questions regarding this matter or would like to schedule time to discuss, please contact us at support@strunkaccess.com or 800-728-3116.

Options to Customize Letter Templates

/in , , , , , , /by

Strunk’s hosted ODP Manager software includes a suite of standard, recommended, and compliant letter templates. These templates are set up so users can easily generate the letters due each day. Even though Strunk provides the recommended letter content, the ODP Manager software allows the letter appearance to be customized to match other letters sent by an institution.

The letter headers and footers can include logos or text so that letters can be printed on letterhead instead of plain paper.

Letters can be signed by the user that generated the letter or if requested, they can be signed by a specific person, department, or the institution name. If signature images are provided, they can be added so that they show when the letter is generated.

If an institution would prefer to have a letter display a branch contact’s name or the phone number of the branch, the contact information can be updated based on the branch assigned to the individual account. This allows the letters the flexibility to direct users to contact a central location or their local branch to discuss the Overdraft Privilege program.

These options allow financial institutions to feel confident in generating ODP program letters that not only are compliant, but also represent an institution’s desired letter appearance.

If you have any questions about customizing letter templates in hosted ODP Manager, please contact Strunk Support at support@strunkaccess.com to find out more.

Vendor Due Diligence Material Tracked in Strunk’s Vendor Manager Software

/in , , , , , /by

Financial institutions regulated by the OCC, FDIC, and Federal Reserve must conduct due diligence on third-party relationships per the Interagency Guidance on Third-Party Relationships: Risk Management. Regulators expect financial institutions to review vendor documents thoroughly rather than just glance over them. Organizing all your vendor management in a secure, web-hosted database is the first place to start in this process. Strunk’s Vendor Manager software simplifies the overwhelming task of monitoring existing vendors and onboarding new ones.

A centralized repository for your due diligence documents ensures that your financial institution has a vendor management program that allows you to engage your vendors at each phase of the vendor lifecycle. This will ensure that all departments and business lines can easily access a unified document from your financial institution while dating it to make sure that it’s the most recent document. This process assists your financial institution in evaluating vendors to ensure they align with operational, financial, and regulatory standards.

Strunk’s Vendor Manager software automates due diligence process by sending alerts to financial institution stakeholders and vendors, saving time and effort. Vendor Manager automates vendor due diligence, providing a practical framework for deciding which vendors to assess in-depth, assessing the risk they present, and monitoring their performance. The Vendor Manager provides proactive risk management and reduces administrative burden. Strunk’s Vendor Manager software can help with your financial institution vendor due diligence to ensure that your organization has a process when entering into a third-party relationship. Click here to learn more.

 

Importance of an Effective Contract Review

/in , , , , , /by

The Interagency Guidance of Third Party Risk Management states that an effective third-party risk management life cycle consists of planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination phase.

One of the most critical aspects of the third-party life cycle is the contract negotiation phase. It is essential to evaluate a vendor’s contract with other parties, including sub-contractors, which might transfer or bring additional risk to the financial institution. A vendor contract, sometimes referred to as a vendor agreement, is a legal document that outlines the terms of an exchange of goods or services for payment between the two parties.  Through this agreement both parties understand their responsibilities and obligations during the transaction.

The primary object of a vendor contract is to ensure that all parties involved are aware of what is expected in terms of deliverables, payment, and other relevant details. In the event of non-compliance, the vendor contract also specifies the consequences. Negotiating vendor contracts at the outset of any vendor partnership assists financial institutions in better managing their risks. Vendor contracts usually contain legal provisions, often in a specific order.

Strunk’s Vendor Manager Software allows you to score individual contracts based on the presence and quality of key provisions. Strunk’s vendor contract review enables financial institutions to identify gaps in their contracts and manage the vendor’s risk appropriately.

How can Strunk’s software help with your vendor management program?

/in , , , , , , , , /by

Regulators take compliance with vendor management regulations seriously due to the critical role third-party vendors play in delivering products and services. Using third-party services can increase the risk of a banking organization, but this does not mean that the organization can neglect its responsibility to perform all activities in a safe and sound manner. It is the responsibility of the organization to ensure compliance with all applicable laws and regulations, including those related to consumer protection and security of customer information. What exactly are the Regulators looking for in a Vendor Management program? Regulators will look for your program to have structure, be consistent, and have accountability. Strunk’s software can be your perfect solution to achieve your objectives. Let’s take a closer look at how it can help you.

The first thing that needs to be accomplished is to have the right structure for your program. The financial institution needs to have a well-documented policy describing how your board and senior management intend to execute vendor management. Strunk’s Policy Manager Software can provide your financial institution with a structured, centralized single source of truth for your organization’s policies. You can also use Policy Manager to document all of your procedures, including links to policies, ownership responsibilities, automated change logging, and multiple file attachments. If your financial institution does not currently have a vendor management documented policy, Strunk can start you off with our recommended standard policy.

Next, the financial institution must establish a consistent framework for implementing the policy that was established. Strunk’s Vendor Manager software can streamline and standardize the entire process. The Vendor Manager software is designed to transform a complicated process into a more organized and self-documenting workflow. It helps to streamline and automate the process, making it more efficient and easier to manage.

The financial institution must be accountable for its vendor management program. Strunk’s Risk Assessor software can assist in identifying what risk your organization must consider with your Vendor Management program, while also mapping what controls and procedures are in place for that risk.

Preparing for your next Vendor Management exam is crucial for your financial institution. Strunk offers several tools that can help you in this regard. While regulators do not expect perfection, they do expect progress and performance. By utilizing Strunk’s software and expertise, you can ensure that you are up-to-date and organized for your upcoming exam. This will make exam time much easier.

Save with Strunk’s Effective Risk Management Tools

/in , , , , , , , /by

Strunk is best known for our fee income improvement programs, including Overdraft Privilege, Rewards Checking and Value Checking. Strunk is also well known for assisting community financial institutions with their risk management and compliance processes using our software.

Strunk offers five comprehensive, easy-to-use, and affordable compliance management tools:

Risk Assessor helps prepare comprehensive risk assessments consistent with regulatory or other requirements, in days, not weeks.

Policy Manager organizes all policy documents into a single database, mapped to the relevant standards and control procedures.

Controls Manager schedules tests of policy compliance and tracks test results.

Vendor Manager is a specialized tool for managing vendor risk that standardizes risk assessment methodology and organizes all vendor related documentation.

Issues Manager is a centralized database for tracking all compliance issues and incidents across your entire organization.

According to Dan Roderick, CEO, “Strunk’s Risk Manager solution brings efficiency to the process and allows our clients to focus on their highest areas of risk. The solution is comprehensive but simple to use, which is something I wish I’d had access to in my days as a banker.”

All our tools are securely and reliably hosted with Amazon AWS, making them available on a variety of devices from anywhere. Risk Manager facilitates remote work and will greatly enhance your internal control and risk management processes and save time – all for one low annual fee.

If you are paying another vendor an annual fee for any one of these tools today, invest just 30 minutes to review our solution suite. We can add valuable services – and may be able to SAVE you money as well! Check out our tools today: https://strunkaccess.com/compliance-software/

Use ODP Manager to Inform Customers about Reg E Opt-In

/in , , , , , , , /by

On consumer accounts, ATM and everyday debit card transactions cannot be included in Overdraft Privilege unless the customer has opted in. Customers can opt in for Reg E at account opening but they may also opt in later. The four options to opt in for the ATM and everyday debit card coverage are: in person at a branch, over the phone, by mail, or electronically.

The Consent Form for Overdraft Services (A-9 form) informs customers about what they need to know about overdrafts and overdraft fees. It also reiterates a customer’s options for opting in and provides them the form to submit by mail. ODP Manager allows institutions to provide an account’s Regulation E Opt-in Status in the file that is imported daily. This allows the hosted software to send different letter templates to customers who have opted in or not opted in for the ATM and everyday debit card coverage.

Strunk’s standard letter templates for the Welcome and Reinstatement letters include the A-9 form for customers who have not already opted in. The Reg E Opt-in Followup Letter template is also provided so that customers with OD limits that have not opted in receive information about ATM and everyday debit card coverage opt-in at least once a year. If a customer has already opted in, their letters highlight that they already have the ATM and everyday debit card coverage. By allowing customers the Reg E opt-in information when overdraft limits are assigned, when overdraft limits are reinstated, or annually, ODP Manager may allow customers to have more opportunities to opt in for Reg E.

ODP Manager can also allow customers to submit their Reg E Opt-in election electronically. Strunk would create an online form that mirrors an institution’s A-9 form. This form would then be linked directly from an institution’s website. Email confirmations are generated when forms are submitted. The submissions are tracked in ODP Manager so that users can generate a list of accounts that need an updated Reg E election.

If you have any questions about the Reg E Opt-in form options in hosted ODP Manager, please contact Strunk Support at support@strunkaccess.com to find out more.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.