Risk Management Done Right

Strunk is best known for our fee income improvement programs, including Overdraft Privilege, Rewards Checking and Value Checking. Most recently we have expanded our offering to assisting community financial institutions with their risk management and compliance processes using our software.

Strunk offers six comprehensive, easy-to-use and affordable compliance management tools:

Risk Assessor helps you prepare comprehensive risk assessments consistent with regulatory or other requirements, in days, not weeks.

Policy Manager organizes all your policies into a single database, mapped to the relevant standards and control procedures.

Controls Manager schedules tests of policy compliance and tracks test results.

Vendor Manager is a specialized tool for managing vendor risk that standardizes risk assessment methodology and organizes all vendor related documentation.

Issues Manager is a centralized database for tracking all compliance issues and incidents across your entire organization.

Skills Manager provides online testing and training to ensure employees are knowledgeable about your policies.

According to Dan Roderick, CEO, “Strunk’s Risk Manager solution brings efficiency to the process and allows our clients to focus on their highest areas of risk. The solution is comprehensive but simple to use, which is something I wish I’d had access to in my days as a banker.”

All our tools are securely and reliably hosted with Amazon AWS, making them available on a variety of devices from anywhere. Risk Manager facilitates remote work and will greatly enhance your internal control and risk management processes and save time – all for one low annual fee.

If you are paying another vendor an annual fee for any one of these tools today, invest just 30 minutes to review our solution suite. We can add valuable services – and may be able to SAVE you money as well!

Strunk at the ABA’s Virtual Risk Management Conference 2021

We’re getting the hang of these virtual events at Strunk!  Strunk attended the ABA’s annual Risk Management conference last week. During the virtual event we hosted a virtual booth, met with many familiar and new faces via Zoom meetings and attended virtual sessions. We enjoyed the opportunity to connect with bankers across the country.

We welcomed the opportunity to discuss with attendees the latest features offered by our Governance, Risk Management and Compliance (GRC) software Risk Manager, which includes six GRC tools – Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager and Vendor Manager.

A state of the industry was provided by Dr. Catherine Mann, currently the Global Chief Economist for Citibank. The session included an update on the economy, focusing on pandemic recovery in all key sectors. She also shared thoughts on key economic risks for financial markets and how this impacts risk mitigation efforts. The session also included a keynote address by Rob Nichols, President and CEO of the American Bankers Association.

Attendees had the opportunity to discuss post-pandemic risk management, among many other topics. Bankers were encouraged to reassess and modify risk management frameworks as a result of the pandemic, especially reviewing and adjusting risk appetites and associated metrics.

Congratulations to the winner of Strunk’s giveaway, a $100 gift card to Amazon – Linda Schnitzler of The Canandaigua National Bank and Trust Company!

We hope to see you all in person next year. Until then, stay well.

Strunk at the ABA’s Virtual Conference for Community Bankers 2021

For the first time, Strunk attended the ABA’s annual Conference for Community Bankers virtually. During the virtual event we hosted a virtual booth, met with many familiar and new faces via Zoom meetings and attended virtual sessions. While a bit different than being together, it remains one of the most anticipated events of the year and we made the most of the connections with bankers and enjoyed seeing everyone.

We welcomed the opportunity to discuss with attendees the latest features offered by our Governance, Risk Management and Compliance (GRC) software Risk Manager, which includes six GRC tools – Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager and Vendor Manager. Strunk’s Overdraft Program is always a hot topic of conversation and we were glad to discuss our approach with long-time clients and potential clients.

Attendees had the opportunity to hear from keynote speaker, former NBA star Earvin ‘Magic’ Johnson in his session ‘The Power of Magic’. On top of his athletic notoriety, Magic is a driven and successful entrepreneur who shared what it takes to truly make an impact.

Another interesting session was hosted by Ron Shevlin of Cornerstone Advisors on the five forces shaping the banking industry today. He detailed how challenger banks, big tech, embedded finance, artificial intelligence, and cryptocurrency are affecting our banks and provided areas of focus for community FIs.

Congratulations to the winner of Strunk’s giveaway, a $100 gift card to Amazon – Mayra Rinaldi of Columbia Bank!

We hope to see you all in person next year and to once again host the conference t-shirt station. Until then, stay well.

Are you tired of doing Risk Assessments?

We hear comments from community bankers across the country that they don’t like doing risk assessments and that they are time consuming. Risk Assessments generally come in the form of Excel Spreadsheets or Word documents. Often times they are done in silos where each functional area of the bank does their regulatory required risk assessment and periodically reports them to the bank’s board for review/approval.

Many banks do risk assessments for the regulators which is typically the wrong approach, in Strunk’s opinion. Risk assessments are done annually for those required by regulations and sometimes others are done two weeks before the regulators walk in. Risk Assessments should be designed to give senior management, board and ownership a snapshot of what risks your bank faces and what has been done to mitigate those risks. High risks aren’t bad; they just need to be managed.

Regulatory scrutiny of BSA/AML, ACH, Fair Lending, Loan Concentrations, Cybersecurity, Information Technology and other areas of the bank have caused financial institutions to spend more time and money focusing on the risks the bank faces. Outsourcing some of these functions to vendors is an expensive way to manage the risk assessment process and certainly unnecessary. Strunk’s GRC (Governance, Risk Management and Compliance) solution makes the risk assessment process easy to do and it consolidates all areas of risk the bank faces into one report.

Bank examiners often tell the community bank that they are coming out for the annual exam six weeks to two months prior to actually showing up. Generally, they ask the bank to send an extensive amount of information prior to coming onsite. This gives the regulator time to form their opinion on what risks the bank faces before arriving at the bank.

Strunk’s solution lets the bank tell their story rather than have the regulator tell the bank’s story to them. Comprehensive risk assessments are made easy with Strunk’s Risk Assessor Solution https://strunkaccess.com/risk-assessor/.

Who Handles your Vendor Management?

Managing the vendors your financial institution does business with is important but it can be time consuming and a stressful project. Some institutions have decided to let third parties manage the risk assessment and vendor due diligence process rather than do it on their own. Strunk’s Vendor Manager solution makes it easy to do risk assessments, manage contracts and other vendor documents and to obtain necessary annual information to ensure risks associated with vendors you do business with is managed appropriately.

Our program provides: 1) A repository of information on each vendor you do business with and 2) The ability to do consistent risk assessments for each vendor. Maintaining a list of key vendor relationships, contracts, insurance certificates, security policies, and other documentation is critical to vendor management. The tickler system notifies the individual assigned to the vendor when contracts come up for renewal or when other documents are due.

Vendor risk assessments can be a hassle and our solution takes a standard approach to ensure the process is consistent and thorough based on the risk (critical, high, moderate or low) per regulatory guidelines. For critical and high risk vendors additional information is obtained from those vendors to complete the risk assessment.

Vendor Management is imperative at all financial institutions and Strunk’s Vendor Manager Solution may be just what you are looking for. Take back the process from outside vendors or make internal vendor due diligence easy and consistent to manage.

Is risk always bad?

In our industry we are accustomed to thinking of risk as something we need to constantly assess and evaluate. At best, this exercise can be laborious and time-consuming. The number of risk factors to consider can run into the hundreds, often with different parts of the organization best qualified to assess each risk. The typical solution, emailing spreadsheets around the organization, is inherently cumbersome and error-prone.

Let’s take a step back and break down what a risk is. The definition of risk is a situation involving exposure to danger. But danger does not always look like we might expect. There is an important distinction to be made as some risks can actually pose a benefit to any company while others cause a greater reason for concern. Without risk, it can become easy to settle into consistency, security and stability.

Wouldn’t you like to know the importance of the risks you face and be able to easily identify them? Strunk’s Risk Manager can help identify risks you may be considering to help grow your business, as well as those risks that may present a greater threat to your organization. It helps to answer the questions:

  • What factors must financial institutions manage against?
  • At this point in time how much risk is each factor creating for us?
  • Do we have adequate management measures in place to manage the inherent risk?
  • And what is the trend – is our situation improving or getting worse?

Risk Manager tracks your risks in a database with fine-grained control over access. It documents your assessment of the inherent risk, the strength of your management of the risk and trend for both. If you must respond to a standards-based set of risks like banking industry requirements or SOC2, explicitly score yourself against these frameworks. The solution will map your policies against control activities to be sure you have appropriate policies in place that address each risk and will allow you to track your risk profile over time.

If you would like to bring together all areas of the risk assessment process into one easy to use format and eliminate your dependency on Excel spreadsheets, invest just 30 minutes to review our solution. Contact us at info@strunkaccess.com to learn more.

Strunk Solution Fall 2020 Features

With Strunk’s most recent release, clients can now utilize new features in Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Skills Manager and ODP Manager. We’ve been busy!

Risk Assessor now provides the ability to pull multiple bank UBPR Data into one single risk assessment. This will simplify assessments for multi-bank holding companies.

Criteria based auto assignment for reader and editor groups is now available in Policy Manager. Users are able to assign specific documents based on physical location or job title, where assignment of a set of policies and procedures could dynamically change based on these rules. We have also adjusted the way the policy acknowledgement is assigned. Admin users have the ability to request that users read a policy at a configurable number of days in the event that a policy is updated throughout the year, rather than just every 365 days. Users will be notified of necessary policies to review via email.

Controls Manager now supports notification of the group owner rather than simply the control owner. Alerts will be triggered any time a significant change or update is made to a control.

Clients will be excited to see the improvements to Vendor Manager reporting. Users can sort by a customized list of vendor types, vendor risk level and renewal year within all summary reports. Reports will also include whether or not the vendor survey has been completed and if not, what the current status is.

Skills Manager exams have historically been comprised of multiple choice or true false questions. We now support the option to have an open ended comment for specified questions.

Lastly, ODP Manager provides the ability to mark old status codes as inactive or deleted so they no longer show on reports, such as the Status Tracking Report.

If you would like more information on any of Strunk’s new features or products, please contact us at 800.728.3116 or support@strunklp.com.

Is it time for your company’s next SOC 2 examination?

If your company is like Strunk, then a SOC 2 exam is an annual topic of conversation and the certification from your CPA firm is something you proudly provide your clients. At Strunk we have built a full-featured solution to help not only manage the policies your organization follows but to tie those policies back to the AICPA’s criteria and to your company’s own internal control procedures.

A SOC 2 audit can be time consuming, frustrating and burdensome. Strunk’s Policy Manager and Controls Manager modules can put much needed structure around this process. We keep on top of changes to the AICPA criteria so that you don’t have to. If changes need to be made to your existing policies as a result of any of these updates, you can easily address those within our software, and all modifications and approvals will be captured in our logs. The application will remind specific users within your organization when control activities need to be tested and the solution even supports breaking up this activity throughout the year so that your team is not focused on such a large task all at once.

The implementation with Strunk is extremely straightforward. Your company will submit your current policies for upload and creation within our system. If you are missing policies in any area we will provide you with a template document for you to customize but you will not need to start from scratch! We will work with your team to map these documents to the AICPA criteria in our solution.

Most companies are using Excel to track control activities. We ask that you simply provide this list of test procedures and we will set them up within the solution as well. Our Policy Map will provide a linked relationship from criteria to policies to controls. Once all of your company specific information has been uploaded and created we will host a training webinar for your team. It’s that simple.

Let Strunk help simplify and organize this process for you so that you can focus on what you do best – serving your clients.

Testing Employee Policy Knowledge

How often do you check to see if your employees know what polices or procedures your financial institution has in place? Security and ethics policies should be read from time to time and compliance to those policies should be tracked.

Strunk’s Skills Manager program is one module of our overall Risk Management solution. It gives you the ability to set up templates for course study, take tests to ensure knowledge of a policy or procedure and track the results of the tests to provide a pass/fail result.

Skills Manager is a unique tool that can be used by the human resources department for company-wide deployment or by individual departments of your organization. Power Point slides can be imported and set up to discuss product knowledge and then each employee can be assigned a test to see if they were knowledgeable of certain policies and procedures.

The tracking of the results within Skills Manager is important for audits and certifications. Through Strunk’s Policy Manager solution, reader logs can be tracked to ensure that your employees are reading pertinent policies. Then through Skills Manager you can test to see if your employees understand those policies.

Strunk’s solution to risk management includes Risk Assessor, Policy Manager, Controls Manager, Vendor Manager, Issues Manager and Skills Manager along with our Overdraft Privilege Manager program. Contact us to learn more.

Ensure Contract Completeness with Strunk’s Contract Review

Having a well written contract with your vendor is a critical aspect in your vendor manager life cycle.  The contract is important as it sets forth the terms and conditions of the relationship with the vendor.  Vendor contracts are legal agreements that clearly set forth the provisions and conditions of the work or services that the vendor provides.  Because the contract is the foundation for the relationship with the vendor, a complete contract review should be done before the agreement is signed.

Strunk has created a Contract Review feature in our Vendor Manager solution to help ensure your contract does not have any gaps and that each provision is understood with clear expectations.  Contract Review will assist in clearly identifying what each party’s role is and who is responsible for each area.  This will prevent any issue between the financial institution and the vendor.  Regulations require that contracts contain key provisions such as confidentiality, service level agreements, and mutual rights and responsibilities.  A thorough review of your vendor contract should be done both prior to signing a new contract and while reviewing existing contracts for renewals.  Strunk’s Vendor Contract Review will help clients address significant risk controls and regulatory compliance within each of their vendors activities.