Ensuring Employee Compliance With Policies and Procedures

Does your financial institution do annual employee reviews of compliance with your policies and procedures? If not you should. Training employees on specific areas of the bank is crucial to running a successful company and testing for product knowledge is critical to customer service.

All financial institutions have policies that are board approved on an annual basis and a set of procedures that are senior management approved. The question is do your employees know what the policies and procedure say and do they follow them?

In the middle of the 1980’s, the bank I worked at had a product knowledge contest with the winner receiving a trip to Las Vegas. There were three person teams and the questions came from all areas of the bank. So it was important to have a lending person, a retail person and an operations person on each team to have the correct answers. Needless to say, our team won.

Today, we don’t have product or policy knowledge contests but that doesn’t mean you can’t test your employees for knowledge of these. Strunk’s Skills Manager solution allows financial institutions to train your employees on products, procedures or policies. Then through the solution you can test their knowledge based on the training. Test results for each employee funnel up to one person responsible for the training. Many institutions use this for their security or ethics policy requiring their employees to take a test on an annual basis. Could Skills Manager help your financial institution?

Strunk Solution Fall 2020 Features

With Strunk’s most recent release, clients can now utilize new features in Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Skills Manager and ODP Manager. We’ve been busy!

Risk Assessor now provides the ability to pull multiple bank UBPR Data into one single risk assessment. This will simplify assessments for multi-bank holding companies.

Criteria based auto assignment for reader and editor groups is now available in Policy Manager. Users are able to assign specific documents based on physical location or job title, where assignment of a set of policies and procedures could dynamically change based on these rules. We have also adjusted the way the policy acknowledgement is assigned. Admin users have the ability to request that users read a policy at a configurable number of days in the event that a policy is updated throughout the year, rather than just every 365 days. Users will be notified of necessary policies to review via email.

Controls Manager now supports notification of the group owner rather than simply the control owner. Alerts will be triggered any time a significant change or update is made to a control.

Clients will be excited to see the improvements to Vendor Manager reporting. Users can sort by a customized list of vendor types, vendor risk level and renewal year within all summary reports. Reports will also include whether or not the vendor survey has been completed and if not, what the current status is.

Skills Manager exams have historically been comprised of multiple choice or true false questions. We now support the option to have an open ended comment for specified questions.

Lastly, ODP Manager provides the ability to mark old status codes as inactive or deleted so they no longer show on reports, such as the Status Tracking Report.

If you would like more information on any of Strunk’s new features or products, please contact us at 800.728.3116 or support@strunklp.com.

Is it time for your company’s next SOC 2 examination?

If your company is like Strunk, then a SOC 2 exam is an annual topic of conversation and the certification from your CPA firm is something you proudly provide your clients. At Strunk we have built a full-featured solution to help not only manage the policies your organization follows but to tie those policies back to the AICPA’s criteria and to your company’s own internal control procedures.

A SOC 2 audit can be time consuming, frustrating and burdensome. Strunk’s Policy Manager and Controls Manager modules can put much needed structure around this process. We keep on top of changes to the AICPA criteria so that you don’t have to. If changes need to be made to your existing policies as a result of any of these updates, you can easily address those within our software, and all modifications and approvals will be captured in our logs. The application will remind specific users within your organization when control activities need to be tested and the solution even supports breaking up this activity throughout the year so that your team is not focused on such a large task all at once.

The implementation with Strunk is extremely straightforward. Your company will submit your current policies for upload and creation within our system. If you are missing policies in any area we will provide you with a template document for you to customize but you will not need to start from scratch! We will work with your team to map these documents to the AICPA criteria in our solution.

Most companies are using Excel to track control activities. We ask that you simply provide this list of test procedures and we will set them up within the solution as well. Our Policy Map will provide a linked relationship from criteria to policies to controls. Once all of your company specific information has been uploaded and created we will host a training webinar for your team. It’s that simple.

Let Strunk help simplify and organize this process for you so that you can focus on what you do best – serving your clients.

Take advantage of new enhancements to Strunk’s Policy Manager

This summer Strunk has been hard at work making value added changes to enhance all of our applications. Customers will be able to leverage the convenience and organization of Policy Manager now more than ever. Through our next release the solution will now include a suggestions feature, criteria based auto assignment and the ability to automatically make changes to users. Dan Roderick, Strunk CEO, said ‘we continue to improve our solutions monthly based on client input and are pleased to announce these latest updates’.

For users with view only access, we have added functionality to allow them to suggest changes to policy documents via a comment feature within the user interface. This will then allow editors or approvers the option to decide whether or not to implement the suggested changes.

Policy Manager will now support criteria based auto assignment for Reader and Editor Groups rather than administrators having to makes all policy assignments manually. The auto assignment will take place based on defined criteria including any combination of physical location, department, and job role. Assignment of a set of policies and procedures could dynamically change based on these rules.

Updates to user accounts has been streamlined with automation of user changes. To simplify adding new users and deactivating former employees, an automatic user file import can be set up. Once configured, a file containing all current users will be uploaded and processed via a scheduled task.

Policy Manager organizes your hundreds of policy documents spread across different computers and file systems into a single database. It provides a structured, single source of truth for your organization.

Are your User Accounts up-to-date?

Part of effectively using Strunk’s cloud-based Governance, Risk Management and Compliance software is regularly reviewing, maintaining, and updating your user records and access. Our software provides your administrators with tools to make this process easier, rather than updating user records one by one. However, admins always have the option to view and change an individual user’s record and access rights.

A list of all users can be exported as a PDF for reporting purposes. In addition to the basic user information, it also includes each user’s roles and last login. To simplify adding new users and deactivating former employees, an automatic User file import can be set up. Once configured, a file containing all current users will be uploaded and processed on a scheduled basis. This allows you to add and deactivate users in a timely manner.

For other maintenance of existing users, admins can export the current user list to an Excel file. Any necessary updates can be made directly in the file and an admin will import the updated file to make the appropriate changes in the software.

Please contact Strunk Support at support@strunkaccess.com with any questions or for training on these helpful features. It is easier than ever before to keep your information up to date.

Broker Dealers and Broken Controls

Managing a financial advisory or brokerage firm is no small task; from finding clients, to advising the ones you already have, and everything in-between, compliance and governance can be a necessary burden.  While going through the vast regulations that shape the industry, the specific tasks of testing, preserving and repeating, are often asked.  Most firms utilize Excel, Word documents, and PDFs to build out their internal policies and controls in response to these regulations.  Almost all of these controls have a quarterly, bi-annual, or annual requirement to report activities, statements, or other documents to a host of stakeholders.  While utilizing an established Excel or SharePoint solution may seem like a “good enough” practice, the risk of missing one of these control events can be detrimental to your firm.

With a strong policy management software your firm can update processes to help save time, money, and reduce overall risk.  Strunk’s Controls Manager solution is one of the most intuitive products on the market, unwinding the complexity of your policy and compliance book, so you can automate your policy controls process and operation.  Through the use of a strong organizational system to address your regulatory obligation, your firm will have a more logical and considered approach to compliance, such as a Controls Calendar, enabling your company to effortlessly respond to your requirements.

While a patchwork of common Office tools seems like the easy and cheap solution, the downside risk far outweighs the upside risk.  Strunk can help you manage these risks, and put your firm on a better strategic footing.

No better time to implement a Cloud-Based GRC Solution

Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how to protect their employees — as well as their communities as a whole.  In an effort to halt the spread of the virus, many organizations are instituting mandatory work-from-home (WFH) policies, engaging with new cloud service providers, and shifting resources toward supporting an expanding remote workforce.  The fast-moving, global reach of the coronavirus has illustrated that a forward-looking approach to risk management is more important than ever. Having a cloud-based tool that streamlines your compliance process should be in all companies’ future strategic discussions.

Strunk offers many great automated cloud-based solutions tools that streamlines compliance and risk management for our clients.  There are many benefits to these cloud-based solutions, especially in today’s environment where some many employees are working from home.  Our software is simple to implement, easy to access, very flexible and is reliable in terms of backing up data for your employees who are at different locations.  Implementing Strunk’s Risk Assessor, Policy Manager, Issue Manager and Vendor Manager software does not require extra hardware or software.  Implementing these tools can be done while business continues as usual which requires no downtime at all.  Strunk has created a new Version 2 of our Risk Assessor which is available to everyone.  Risk Assessor helps our clients complete risk assessments consistent with appropriate regulatory or standards body frameworks in days, instead of weeks.  Clients are able to upgrade for free from Version 1 to Version 2 and Strunk will help transfer results from your current Version 1 assessments.

Given the current coronavirus pandemic, the need for companies to centralize their policies and vendor management is more critical than ever.  Strunk’s Policy Manager software will organize hundreds of policy documents spread across different computer and file systems into a single editable database. With employees working remote, Policy Manager gives employee access to the companies polices for easy access and with the established review dates the system will remind employees to review the policy and make changes.  Centralizing your vendor manager process with Strunk’s Vendor Manager software will automate the process which reduces administrative burden and save time while giving employees who are working remote access to vendor due diligence, providing a practical framework for deciding which vendors to assess in depth, assessing the risks each vendor present, and the monitoring of each vendor performance.

Also, Strunk is offering additional free web training for our client’s employees.  There is no better time than now to get employees who are new or have changed job responsibilities trained on any of Strunk’s GRC software.

Strunk Policy Manager Software Now Includes GRC Policy Templates

In 2015 Strunk launched Risk Manager which has now evolved into a full featured Governance, Risk Management, and Compliance (GRC) solution including Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Issues Manager, and Skills Manager tools.  Today, as an added service for Risk Manager clients, we are announcing the availability of standard template policies for banks, credit unions, investment advisory firms and broker-dealers.

Policy requirements evolve, and often times organizations find that their existing policy has become outdated, or they don’t have a policy at all to address a particular issue.  No one wants to write a new policy from scratch – particularly regarding a complex issue. So, starting with a vetted template and customizing it to your particular organization is a big benefit both in terms of making sure the policy is complete and saving time. There are a variety of companies that provide policy templates for a fee.  But with Strunk, they are free for Risk Manager clients.

Dan Roderick, Strunk CEO said, ‘Clients have been asking us for quite some time if we can provide them with a specific policy that they don’t currently have in their existing policy manual and each time we would track down a template example for them.  Now we have assembled a database of standard documents to respond to those requests.  In fact, if a client were to ask for an entire manual of standard policies, we can now easily provide those documents.  Policy Manager has been one of the most popular components of the Risk Manager solution – it was the first module we developed five years ago.  This should be a valuable enhancement to our GRC solution.’  The current COVID-19 crisis is one example of an event that can create a need for a new or more thorough policy.  The Pandemic Policy and Plan documents have been frequently requested during the past month.

Is your firm ready for the change in Regulation BI (Best Interest)?

In June 2019 the United States SEC put forth changes in the way broker dealers and investment advisors deal with their customers, creating a fiduciary responsibility, and clear reporting of how your firm might be earning money from services and products provided to your clients.  These changes, while good for consumers, have created a regulatory burden on the industry to update policies and procedures, as well as formulating new ways to disclose your firm’s relationships with vendors and investment products.

The new regulation requires registered broker dealers and investment advisors to provide retail investors with easy to understand information about the confines of their relationship with your firm, ensuring potential clients can clearly see the differences between firm conflicts, fees, and other determining factors.  This has led to the creation of the CRS relationship summary form, as well as several other less formal processes all firms in the space must comply with.

While the rule changes happened in June 2019, the SEC gave the industry until June 30, 2020 to conform to the new requirements. It is generally recognized that all broker dealers and investment advisors will need to make changes to their operations, mandatory disclosures, marketing materials, and any system used for compliance.

If your firm is currently utilizing Excel, Word, and PDF documents to create your Policy Manual, it’s time to upgrade to a system that can help with the Reg BI changes and all your policy and risk management needs.  StrunkAccess provides an easy to use Policy Automation tool, allowing your firm the flexibility to find, and organize your policies in a logical way; helping to ensure compliance within your company.  Contact us today to find out more about how we can help your company achieve compliance for your regulatory needs.

Policy Management Made Easy

Banks are required to have each and every policy approved by the board of directors on an annual basis. Many financial institutions keep their policies in Word or PDF documents on the back credenza of the officer in charge of each area of the bank. Operational and compliance policies are in the operations area of the bank; lending policies are in the chief lending officer’s file cabinet and accounting policies on the cashier’s desk.

On average, banks have between 40-60 policies that are reviewed throughout the year by the bank’s board and any changes to the policies are updated after board approval. This process can be cumbersome and hectic for most community banks. It doesn’t have to be that way!

Strunk has put together a terrific solution for managing the annual review and policy approval process. Rather than maintaining separate folders of policies, why not have them in one place with access to those who need to read, make changes, or review them periodically? That is what Strunk’s Policy Manager Program does.

Keeping a log of changes for senior management, outside auditors, or the regulators is important. Making updates or changes to policies should be easy to do. Redlined copies of the policies go to the board for approval. Your board only wants to review changes made to policies, not the entire policy. Strunk’s solution does all of this and policies are put into chapters based on each functional area of the bank. You send us your policies; we do all of the work. Access to each policy is given based on user access code. Contact us for a quick demo of the cost effective, yet comprehensive Policy Manager solution.