Are you tired of doing Risk Assessments?

We hear comments from community bankers across the country that they don’t like doing risk assessments and that they are time-consuming. Risk assessments generally come in the form of Excel spreadsheets or Word documents. Oftentimes they are done in silos, where each functional area of the bank does its regulatory-required risk assessment and periodically reports it to the bank’s board for review/approval.

Many banks do risk assessments for the regulators, which is typically the wrong approach, in Strunk’s opinion. Risk assessments are done annually for those required by regulations, and sometimes others are done two weeks before the regulators walk in. Risk assessments should be designed to give senior management, the board and ownership a snapshot of what risks your bank faces and what has been done to mitigate those risks. High risks aren’t bad; they just need to be managed.

Regulatory scrutiny of BSA/AML, ACH, Fair Lending, Loan Concentrations, Cybersecurity, Information Technology and other areas of the bank has caused financial institutions to spend more time and money focusing on the risks the bank faces. Outsourcing some of these functions to vendors is an expensive way to manage the risk assessment process and certainly unnecessary. Strunk’s GRC (Governance, Risk Management and Compliance) solution makes the risk assessment process easy to do, and it consolidates all areas of risk the bank faces into one report.

Bank examiners often tell the community bank that they are coming out for the annual exam six weeks to two months prior to actually showing up. Generally, they ask the bank to send an extensive amount of information prior to coming onsite. This gives the regulator time to form their opinion on what risks the bank faces before arriving at the bank.

Strunk’s solution lets the bank tell their story rather than have the regulator tell the bank’s story to them. Comprehensive risk assessments are made easy with Strunk’s Risk Assessor Solution https://strunkaccess.com/risk-assessor/.

Help Your Customers Opt In for Regulation E Online

ODP Manager includes letter templates that allow your customers the opportunity to opt in for Regulation E so they can authorize Overdraft Privilege service for ATM withdrawals and everyday debit card purchases. Did you know that ODP Manager can also help you offer your customers the option to opt in on your website?

Strunk can create a Reg E opt in form and Reg E opt out form that mirrors the content in your ODP Manager letters. You would then add links to these forms to your website.

When your customer submits the Consent Form for Overdraft Services or the Consent to Opt-Out, the opt in or opt out request is tracked in ODP Manager. The customer also is emailed a confirmation of their Reg E submission. Periodically, you review the new customer responses in ODP Manager and generate a list of the accounts that need the Reg E election updated. You perform the appropriate maintenance in your core software – updating the account record to either opt in or opt out the customer’s requested account. The ODP Manager software always shows you the most recent responses that you have not yet reviewed. The list of submissions is retained so you can look up past responses.

Let ODP Manager expand your options to allow your customers to choose Overdraft Privilege coverage for ATM and everyday debit card transactions. Please contact Strunk Support at support@strunkaccess.com with any questions or to find out more about using this feature.

Ensuring Employee Compliance With Policies and Procedures

Does your financial institution do annual employee reviews of compliance with your policies and procedures? If not, you should. Training employees on specific areas of the bank is crucial to running a successful company, and testing for product knowledge is critical to customer service.

All financial institutions have policies that are board approved on an annual basis and a set of procedures that are senior management approved. The question is, do your employees know what the policies and procedures say, and do they follow them?

In the middle of the 1980s, the bank I worked at had a product knowledge contest with the winner receiving a trip to Las Vegas. There were three-person teams and the questions came from all areas of the bank. So it was important to have a lending person, a retail person and an operations person on each team to have the correct answers. Needless to say, our team won.

Today, we don’t have product or policy knowledge contests, but that doesn’t mean you can’t test your employees for knowledge of these. Strunk’s Skills Manager solution allows your financial institution to train your employees on products, procedures or policies. Then, through the solution, you can test their knowledge based on the training. Test results for each employee funnel up to one person responsible for the training. Many institutions use this for their security or ethics policy, requiring their employees to take a test on an annual basis. Could Skills Manager help your financial institution?

Is risk always bad?

In our industry we are accustomed to thinking of risk as something we need to constantly assess and evaluate. At best, this exercise can be laborious and time-consuming. The number of risk factors to consider can run into the hundreds, often with different parts of the organization best qualified to assess each risk. The typical solution, emailing spreadsheets around the organization, is inherently cumbersome and error-prone.

Let’s take a step back and break down what a risk is. The definition of risk is a situation involving exposure to danger. But danger does not always look like we might expect. There is an important distinction to be made as some risks can actually pose a benefit to any company while others cause a greater reason for concern. Without risk, it can become easy to settle into consistency, security and stability.

Wouldn’t you like to know the importance of the risks you face and be able to easily identify them? Strunk’s Risk Manager can help identify risks you may be considering to help grow your business, as well as those risks that may present a greater threat to your organization. It helps to answer the questions:

  • What factors must financial institutions manage against?
  • At this point in time how much risk is each factor creating for us?
  • Do we have adequate management measures in place to manage the inherent risk?
  • And what is the trend – is our situation improving or getting worse?

Risk Manager tracks your risks in a database with fine-grained control over access. It documents your assessment of the inherent risk, the strength of your management of the risk and trend for both. If you must respond to a standards-based set of risks like banking industry requirements or SOC2, explicitly score yourself against these frameworks. The solution will map your policies against control activities to be sure you have appropriate policies in place that address each risk and will allow you to track your risk profile over time.

If you would like to bring together all areas of the risk assessment process into one easy to use format and eliminate your dependency on Excel spreadsheets, invest just 30 minutes to review our solution. Contact us at info@strunkaccess.com to learn more.

Excessive Use Notification Options

FDIC regulated institutions are expected to give customers who overdraw their accounts on more than six occasions where a fee is charged in a rolling twelve-month period a reasonable opportunity to choose a less costly alternative and decide whether to continue with fee-based overdraft coverage. Non-FDIC regulated institutions also can choose to communicate alternatives to ODP to their customers.

ODP Manager is able to assist you with sending these letters advising your customers of the alternatives to Overdraft Privilege.

There are two options to use these letters. One option is to update your ODP Manager import file to add a field from your core that indicates when the account has qualified by exceeding the threshold. Alternatively, if you are able to identify the appropriate accounts using an existing core report or other method, you can generate the letter as needed as an Ad Hoc letter.

By using ODP Manager as part of your Excessive Use notification process, you can benefit from the software’s letter tracking and retention.

Please contact Strunk Support at support@strunkaccess.com to find out more about implementing or using this feature.

The Importance of Understanding your Reg. E Opt-In Form

In 2010 there were changes to the laws and regulations for financial institutions regarding overdraft privilege programs.  Certain Regulation E rules took effect July 1, 2010.  Under these rules, financial institutions must provide notice and reasonable opportunity for customers to opt-in to the payment of automated teller machine (ATM) and one-time point-of-sale (POS) overdrafts provided in exchange for a fee.

Even though this regulation is over 10 years old, there are still misunderstandings among financial institutions regarding the way to present the Reg. E options to consumers, and also the way financial institutions should disclose to their consumers. Not disclosing Reg. E opt-in correctly to your customers/members could be costly to your institution and also hurt the institution’s reputation. Recently a bank was hit with $122 million in restitution and penalties to resolve claims that it charged U.S. consumers fees without consent. The CFPB stated that in some cases the bank required new customers to sign its overdraft notice with the ‘enrolled’ option pre-checked without mentioning the Reg. E service to the consumer. In other cases the CFPB found that new customers were enrolled in Reg. E without requesting the customer’s oral enrollment decision.

Reg. E opt-in disclosures are highly sensitive matters with regulators and strict compliance is required. Strunk is the leader in overdraft privilege services and we have a great understanding of how to establish and implement policies and procedures that align with the laws and regulations around Reg. E opt-in. If you have any questions regarding your disclosures or your procedures, reach out to Strunk so we can assist you.

Testing Employee Policy Knowledge

How often do you check to see if your employees know what policies or procedures your financial institution has in place? Security and ethics policies should be read from time to time, and compliance with those policies should be tracked.

Strunk’s Skills Manager program is one module of our overall Risk Management solution. It gives you the ability to set up templates for course study, take tests to ensure knowledge of a policy or procedure and track the results of the tests to provide a pass/fail result.

Skills Manager is a unique tool that can be used by the human resources department for company-wide deployment or by individual departments of your organization. PowerPoint slides can be imported and set up to discuss product knowledge, and then each employee can be assigned a test to see if they are knowledgeable about certain policies and procedures.

The tracking of the results within Skills Manager is important for audits and certifications. Through Strunk’s Policy Manager solution, reader logs can be tracked to ensure that your employees are reading pertinent policies. Then through Skills Manager you can test to see if your employees understand those policies.

Strunk’s solution to risk management includes Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Issues Manager and Skills Manager along with our Overdraft Privilege Manager program. Contact us to learn more.

Reviewing your overdraft privilege program during a pandemic

With the Covid-19 pandemic having an enormous effect on a financial institution’s overdraft privilege program, this is a great time to review your existing program to make sure it is running as efficiently as possible.  Financial institutions pointed to government relief efforts, increase in unemployment benefits and the decrease in discretionary purchases that had a negative impact on overdraft privilege programs.  Even with these obstacles in our way there are still ways to make sure financial institutions maximize their fee income from their ODP program.

  1. Clean up accounts to prevent creep-age. We find that most financial institutions, over time, experience a downward trend in percent utilization, which has a significant negative impact on fee income. By using reports that are produced in Strunk’s ODP Manager software, financial institutions will be able to gain a great understanding of how each account is performing.
  2. Evaluate your institution’s Reg. E opt-in rate. The Federal Reserve Payments Study shows that roughly two-thirds of all transactions are done by debit card. Making sure customers understand what opt-in means for them and what happens if they don’t opt in is essential.
  3. Review how overdraft waives/refunds are being handled inside your financial institution. Waives/refunds are an area with two issues: reduction in fee income and possible compliance issues.

There is no better time to do a complete review of your overdraft privilege program than during the Covid-19 pandemic.  Strunk can perform a checkup on your program to help with compliance and profitability while also training your employees to ensure consistency within the program.

Clarification on how to handle “Force Pay” items in an ODP program

Financial institutions encode items with a special transaction code to ensure payments are received before other items clear an account. The codes are used for a variety of reasons. As long as you make a deposit or have enough money in your account to cover the transaction, you don’t have to take further action. A “force pay” debit is a special transaction code used by the financial institution to ensure that a debit purchase clears an account first. An example of a “force pay” debit card transaction is if a consumer is at the gas pump and that consumer has $5 in their checking account. Once the consumer swipes their debit card at the gas pump, the merchant receives an authorization for $1. The consumer then puts $50 worth of gas in their vehicle. In this scenario the debit card transaction is paid and the financial institution is not allowed to return items to the merchant that are presented for payment.

How should financial institutions handle these transactions to make sure that they are in compliance with all regulatory requirements? “Force Pay” debit card or ATM items that overdraw an account cannot be charged an overdraft fee if the account does not have an overdraft limit and the consumer has not “opted in” for Regulation E purposes. Strunk met with David Stein, co-author of Regulation E, at the CFPB and he clarified for us that institutions should not be charging fees on consumer accounts if the bank would not normally authorize the electronic transaction. These are referred to as “no pay” accounts in CFPB terms. If a new customer checking account is in the waiting period before a limit is assigned, or if an accountholder’s limit has been taken away for some reason, you cannot charge an overdraft fee for these force-pay caused overdrafts, even if that customer has “opted in”. The basis for this position is to address any potential Unfair, Deceptive and Abusive Acts and Practices (UDAAP) application if a customer has no potential to receive benefit from your overdraft program.

Broker Dealers and Broken Controls

Managing a financial advisory or brokerage firm is no small task; from finding clients, to advising the ones you already have, and everything in between, compliance and governance can be a necessary burden. While going through the vast regulations that shape the industry, the specific tasks of testing, preserving and repeating are often asked. Most firms utilize Excel, Word documents, and PDFs to build out their internal policies and controls in response to these regulations. Almost all of these controls have a quarterly, bi-annual, or annual requirement to report activities, statements, or other documents to a host of stakeholders. While utilizing an established Excel or SharePoint solution may seem like a “good enough” practice, the risk of missing one of these control events can be detrimental to your firm.

With strong policy management software, your firm can update processes to help save time, money, and reduce overall risk. Strunk’s Controls Manager solution is one of the most intuitive products on the market, unwinding the complexity of your policy and compliance book, so you can automate your policy controls process and operation. Through the use of a strong organizational system to address your regulatory obligation, your firm will have a more logical and considered approach to compliance, such as a Controls Calendar, enabling your company to effortlessly respond to your requirements.

While a patchwork of common Office tools seems like the easy and cheap solution, the downside risk far outweighs the upside risk.  Strunk can help you manage these risks, and put your firm on a better strategic footing.