Strunk at the ABA’s Virtual Risk Management Conference 2021

/in , , , , , , /by

We’re getting the hang of these virtual events at Strunk!  Strunk attended the ABA’s annual Risk Management conference last week. During the virtual event we hosted a virtual booth, met with many familiar and new faces via Zoom meetings and attended virtual sessions. We enjoyed the opportunity to connect with bankers across the country.

We welcomed the opportunity to discuss with attendees the latest features offered by our Governance, Risk Management and Compliance (GRC) software Risk Manager, which includes six GRC tools – Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager and Vendor Manager.

A state of the industry was provided by Dr. Catherine Mann, currently the Global Chief Economist for Citibank. The session included an update on the economy, focusing on pandemic recovery in all key sectors. She also shared thoughts on key economic risks for financial markets and how this impacts risk mitigation efforts. The session also included a keynote address by Rob Nichols, President and CEO of the American Bankers Association.

Attendees had the opportunity to discuss post-pandemic risk management, among many other topics. Bankers were encouraged to reassess and modify risk management frameworks as a result of the pandemic, especially reviewing and adjusting risk appetites and associated metrics.

Congratulations to the winner of Strunk’s giveaway, a $100 gift card to Amazon – Linda Schnitzler of The Canandaigua National Bank and Trust Company!

We hope to see you all in person next year. Until then, stay well.

Do Business Accounts Have To Opt In To Reg E?

/in , , , , , , /by

Over the years Strunk has been asked a number of times, “do business accounts that have overdraft privilege have to opt into Reg. E to have their debit card point of sale and ATM transactions covered in the program?” To understand this you must first understand that most consumer protection rules do not apply to deposit accounts held by a business. It is also important to understand that a business-purpose account can be held by a legal entity, such as an LLC or a corporation, or by individuals operating a business themselves as a sole proprietorship.

We need to take a look at Regulation E and break it down regarding this topic. The coverage of Reg. E is stated in section 1005.3(a). It applies to “electronic fund transfers” that debit or credit a “consumer’s account.” Paragraph 1005.2(b) (1) defines an “account” as a consumer asset account established primarily for personal, family, or household purposes. Paragraph 1005.2(e) defines a “consumer” as a natural person. The result is if an individual is using their deposit account for the purposes of operation a sole proprietorship or an account is held by a legal entity, it would not be covered by Reg. E either.

Reg. E coverage means that the “opt-in” for overdraft coverage of debit card point of sale and ATM transactions only applies to consumer accounts. Any application of the concept to other accounts (such as business accounts) is a matter of bank policy and should be addressed in the bank’s deposit account agreement for such accounts.

Are you tired of doing Risk Assessments?

/in , , , , , /by

We hear comments from community bankers across the country that they don’t like doing risk assessments and that they are time consuming. Risk Assessments generally come in the form of Excel Spreadsheets or Word documents. Often times they are done in silos where each functional area of the bank does their regulatory required risk assessment and periodically reports them to the bank’s board for review/approval.

Many banks do risk assessments for the regulators which is typically the wrong approach, in Strunk’s opinion. Risk assessments are done annually for those required by regulations and sometimes others are done two weeks before the regulators walk in. Risk Assessments should be designed to give senior management, board and ownership a snapshot of what risks your bank faces and what has been done to mitigate those risks. High risks aren’t bad; they just need to be managed.

Regulatory scrutiny of BSA/AML, ACH, Fair Lending, Loan Concentrations, Cybersecurity, Information Technology and other areas of the bank have caused financial institutions to spend more time and money focusing on the risks the bank faces. Outsourcing some of these functions to vendors is an expensive way to manage the risk assessment process and certainly unnecessary. Strunk’s GRC (Governance, Risk Management and Compliance) solution makes the risk assessment process easy to do and it consolidates all areas of risk the bank faces into one report.

Bank examiners often tell the community bank that they are coming out for the annual exam six weeks to two months prior to actually showing up. Generally, they ask the bank to send an extensive amount of information prior to coming onsite. This gives the regulator time to form their opinion on what risks the bank faces before arriving at the bank.

Strunk’s solution lets the bank tell their story rather than have the regulator tell the bank’s story to them. Comprehensive risk assessments are made easy with Strunk’s Risk Assessor Solution https://strunkaccess.com/risk-assessor/.

Help Your Customers Opt In for Regulation E Online

/in , , , , , , /by

ODP Manager includes letter templates that allow your customers the opportunity to opt in for Regulation E so they can authorize Overdraft Privilege service for ATM withdrawals and everyday debit card purchases. Did you know that ODP Manager can also help you offer your customers the option to opt in on your website?

Strunk can create a Reg E opt in form and Reg E opt out form that mirrors the content in your ODP Manager letters. You would then add links to these forms to your website.

When your customer submits the Consent Form for Overdraft Services or the Consent to Opt-Out, the opt in or opt out request is tracked in ODP Manager. The customer also is emailed a confirmation of their Reg E submission. Periodically, you review the new customer responses in ODP Manager and generate a list of the accounts that need the Reg E election updated. You perform the appropriate maintenance in your core software – updating the account record to either opt in or opt out the customer’s requested account. The ODP Manager software always shows you the most recent responses that you have not yet reviewed. The list of submissions is retained so you can look up past responses.

Let ODP Manager expand your options to allow your customers to choose Overdraft Privilege coverage for ATM and everyday debit card transactions. Please contact Strunk Support at support@strunkaccess.com with any questions or to find out more about using this feature.

Ensuring Employee Compliance With Policies and Procedures

/in , , , , , /by

Does your financial institution do annual employee reviews of compliance with your policies and procedures? If not you should. Training employees on specific areas of the bank is crucial to running a successful company and testing for product knowledge is critical to customer service.

All financial institutions have policies that are board approved on an annual basis and a set of procedures that are senior management approved. The question is do your employees know what the policies and procedure say and do they follow them?

In the middle of the 1980’s, the bank I worked at had a product knowledge contest with the winner receiving a trip to Las Vegas. There were three person teams and the questions came from all areas of the bank. So it was important to have a lending person, a retail person and an operations person on each team to have the correct answers. Needless to say, our team won.

Today, we don’t have product or policy knowledge contests but that doesn’t mean you can’t test your employees for knowledge of these. Strunk’s Skills Manager solution allows financial institutions to train your employees on products, procedures or policies. Then through the solution you can test their knowledge based on the training. Test results for each employee funnel up to one person responsible for the training. Many institutions use this for their security or ethics policy requiring their employees to take a test on an annual basis. Could Skills Manager help your financial institution?

Is risk always bad?

/in , , , , /by

In our industry we are accustomed to thinking of risk as something we need to constantly assess and evaluate. At best, this exercise can be laborious and time-consuming. The number of risk factors to consider can run into the hundreds, often with different parts of the organization best qualified to assess each risk. The typical solution, emailing spreadsheets around the organization, is inherently cumbersome and error-prone.

Let’s take a step back and break down what a risk is. The definition of risk is a situation involving exposure to danger. But danger does not always look like we might expect. There is an important distinction to be made as some risks can actually pose a benefit to any company while others cause a greater reason for concern. Without risk, it can become easy to settle into consistency, security and stability.

Wouldn’t you like to know the importance of the risks you face and be able to easily identify them? Strunk’s Risk Manager can help identify risks you may be considering to help grow your business, as well as those risks that may present a greater threat to your organization. It helps to answer the questions:

  • What factors must financial institutions manage against?
  • At this point in time how much risk is each factor creating for us?
  • Do we have adequate management measures in place to manage the inherent risk?
  • And what is the trend – is our situation improving or getting worse?

Risk Manager tracks your risks in a database with fine-grained control over access. It documents your assessment of the inherent risk, the strength of your management of the risk and trend for both. If you must respond to a standards-based set of risks like banking industry requirements or SOC2, explicitly score yourself against these frameworks. The solution will map your policies against control activities to be sure you have appropriate policies in place that address each risk and will allow you to track your risk profile over time.

If you would like to bring together all areas of the risk assessment process into one easy to use format and eliminate your dependency on Excel spreadsheets, invest just 30 minutes to review our solution. Contact us at info@strunkaccess.com to learn more.

Excessive Use Notification Options

/in , , , , , , /by

FDIC regulated institutions are expected to give customers who overdraw their accounts on more than six occasions where a fee is charged in a rolling twelve-month period a reasonable opportunity to choose a less costly alternative and decide whether to continue with fee-based overdraft coverage. Non-FDIC regulated institutions also can choose to communicate alternatives to ODP to their customers.

ODP Manager is able to assist you with sending these letters advising your customers of the alternatives to Overdraft Privilege.

There are two options to use these letters. One option is to update your ODP Manager import file to add a field from your core that indicates when the account has qualified by exceeding the threshold. Alternatively, if you are able to identify the appropriate accounts using an existing core report or other method, you can generate the letter as needed as an Ad Hoc letter.

By using ODP Manager as part of your Excessive Use notification process, you can benefit from the software’s letter tracking and retention.

Please contact Strunk Support at support@strunkaccess.com to find out more about implementing or using this feature.

The Importance of Understanding your Reg. E Opt-In Form

/in , , , , , , /by

In 2010 there were changes to the laws and regulations for financial institutions regarding overdraft privilege programs.  Certain Regulation E rules took effect July 1, 2010.  Under these rules, financial institutions must provide notice and reasonable opportunity for customers to opt-in to the payment of automated teller machine (ATM) and one-time point-of-sale (POS) overdrafts provided in exchange for a fee.

Even though this regulation is over 10 years old, there are still misunderstandings from financial institutions regarding the way to present the Reg. E options to consumers, and also the way financial institutions should disclose to their consumers.  Not disclosing Reg. E opt-in correctly to your customers/members could be costly to your institution and also hurt the institutions reputation.  Recently a Bank was hit with $122 million in restitution and penalties to resolve claims that it charged U.S. consumers fees without consent.  The CFPB stated that in some cases the bank required new customers to sign its overdraft notice with the ‘enrolled’ option pre-checked without mentioning the Reg. E service to the consumer.  In other cases the CFPB found that new customers were enrolled in Reg. E without requesting the customer’s oral enrollment decision.

Reg. E opt-in disclosures are highly sensitive matters with regulators and strict compliance is required.  Strunk is the leader in overdraft privilege services and we have a great understanding on how to establish and implement policies and procedures that align with the laws and regulations around Reg. E opt-in. If you have any questions regarding your disclosures or your procedures, reach out to Strunk so we can assist you.

Testing Employee Policy Knowledge

/in , /by

How often do you check to see if your employees know what polices or procedures your financial institution has in place? Security and ethics policies should be read from time to time and compliance to those policies should be tracked.

Strunk’s Skills Manager program is one module of our overall Risk Management solution. It gives you the ability to set up templates for course study, take tests to ensure knowledge of a policy or procedure and track the results of the tests to provide a pass/fail result.

Skills Manager is a unique tool that can be used by the human resources department for company-wide deployment or by individual departments of your organization. Power Point slides can be imported and set up to discuss product knowledge and then each employee can be assigned a test to see if they were knowledgeable of certain policies and procedures.

The tracking of the results within Skills Manager is important for audits and certifications. Through Strunk’s Policy Manager solution, reader logs can be tracked to ensure that your employees are reading pertinent policies. Then through Skills Manager you can test to see if your employees understand those policies.

Strunk’s solution to risk management includes Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Issues Manager and Skills Manager along with our Overdraft Privilege Manager program. Contact us to learn more.

Reviewing your overdraft privilege program during a pandemic

/in , , , , , , /by

With the Covid-19 pandemic having an enormous effect on a financial institution’s overdraft privilege program, this is a great time to review your existing program to make sure it is running as efficiently as possible.  Financial institutions pointed to government relief efforts, increase in unemployment benefits and the decrease in discretionary purchases that had a negative impact on overdraft privilege programs.  Even with these obstacles in our way there are still ways to make sure financial institutions maximize their fee income from their ODP program.

  1. Clean up accounts to prevent creep-age.  We find that most financial institutions, over time, experience a downward trend in percent utilization, which has a significant negative impact on fee income. By using reports that are produced in Strunk’s ODP Manager software, financial institutions will be able to gain a great understanding on how each account is performing.
  2. Evaluate your institution’s Reg. E opt in rate. The Federal Reserve Payments Study shows that roughly two-third of all transactions are done by debit card. Making sure customers understand what opt-in means for them and what happens if they don’t opt in is essential.
  3. Review how overdraft waives/refunds are being handled inside your financial institution. Waives/refunds are an area with two issues: Reduction in income fee and possible compliance issues.

There is no better time to do a complete review of your overdraft privilege program than during the Covid-19 pandemic.  Strunk can perform a checkup on your program to help with compliance and profitability while also training your employees to ensure consistency within the program.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.