Maximize ODP Manager File Import Efficiency

Strunk’s hosted ODP Manager solution can help you streamline your file import process. ODP Manager requires you to update the software daily with the updated information from your core processor. Many institutions manage this process by having their users submit the file manually as part of their daily tasks during the workday.

If you would like to make your file import process more efficient, ODP Manager has an option to allow Automatic Uploads.

If your core is able to generate your updated extract file automatically to a specific file location at your institution, Strunk can help you set up the Automatic Upload process to run overnight while your users are not on premise.

The one-time setup process involves three steps:

  1. You will install the client that performs the upload.
  2. As part of the setup process, the user and file variables specific to your institution will be created and configured.
  3. You will create a scheduled task that will run at your institution to initiate the import process at a scheduled time after the close of business.

Your users will still receive an email when the automatic import has completed – ODP Manager can either notify a group email address that includes your users, or it can send an alert to specific individuals.

Let your users benefit from access to the updated ODP Manager information when they start their workday – with no waiting! Please contact Strunk Support at support@strunkaccess.com with any questions or to find out more about using this feature.

Can Strunk’s ODP Manager Software Lighten Your Load?

Do you have employees now working from home? If you are using Strunk’s hosted ODP Manager software, this may allow you to adapt to changing work schedules or locations and easily give new users access. If you are a current ODP Manager client but do not have the hosted version, the upgrade is free!

Enjoy the benefits of a hosted solution. No more application software to support on your own network. No more worries about server and other support software becoming outdated. ODP Manager is upgraded monthly – requiring no support on your end – the upgrades are seamless and automatically available to your users. It doesn’t get any easier.

If you need a more efficient file import process, another huge benefit of the hosted solution is that you can import your extract file directly from your core processor while your users are not on premise. We encourage you to take advantage of ODP Manager’s Automatic Upload option – if your core can generate your extract file automatically then Strunk can help you set up the file import for a scheduled time each day. Then the data will already be imported and available when your users start their workday.

You may be unable to print letters every day or you may be trying to prioritize which letters can be printed at home versus ones that can wait to be printed from your normal branch location. Strunk can help you determine which letters are required and which letters may be omitted. We can also help you make any necessary letter content changes.

ODP Manager can save your reports within the software. Ask us to set up archived reports – then you can refer back to the daily reports as you have time available. Implementation of these strategies should help with the remote management of your ODP program.

 

Strunk at ABA’s Conference for Community Bankers

Strunk was proud to exhibit once again at the American Bankers Association’s Conference for Community Bankers February 9-11th. This event always proves to be one of our favorites, this year hosted at the Omni Orlando Resort at ChampionsGate. The event is a great way to reconnect with many customers and to build relationships with new bankers each year.

We welcomed the opportunity to show attendees the latest features offered by our Governance, Risk Management and Compliance (GRC) software. The solution now includes six GRC tools – Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager and Vendor Manager. We also had some great conversations regarding our state-of-the-art ODP Manager program and were able to visit with many long-time clients.

Strunk was excited to debut our new Vendor Manager application to the ABA membership. Vendor Manager provides an easy to follow standardized process to assess risk, gather due diligence materials, evaluate contracts and stores all vendor documentation in one convenient place. Vendor Manager keeps everything organized, is simple to use and of course, follows the latest FFIEC guidelines.

The most enjoyable part of the event just may have been our conference t-shirt station. Attendees were able to choose from one of 4 designs and watched while their customized shirt was made right before their eyes!

Congratulations to Paul McLaughlin of Litchfield Bancorp who was the winner of our TaylorMade Spider X Putter!

Thanks to all who stopped by, and to the ABA for once again putting on a great event. We are already looking forward to next year!

Does Your Overdraft Payment Program Have Exclusion Creep?

For the past 27 years Strunk has been the leading provider of formal overdraft payment programs to financial institutions across the country. Many of these programs were put in place in the early to mid 2000’s, well before Regulation E changed the overdraft landscape in 2010.

Some financial institutions have let their programs die and others have put them on the back shelf as fee income derived from the service has gone down. Others continue to wonder what they can do to revitalize their 10-20 year old program.

So, what has happened? In virtually all financial institutions, the number of consumers participating in the formal overdraft program has dropped significantly. For one reason or another, the account holder has been taken out of the formal overdraft payment program. Strunk calls this “Exclusion Creep”. Virtually all of our 1,800 clients had 90%+ participation when the program was implemented but many institutions have 65-75% of their accounts in the program today.

Managing this is paramount to providing a good service to all of your customers and to maximizing fee income. Take a look at your consumer checking accounts and see if they have an overdraft limit assigned to the account. If not, re-qualify them and put them back in the program. Consumers want the service and managing the overdraft program like a line of business benefits everyone.

Does your financial institution have Exclusion Creep?

You Can Outsource, But You Cannot Hide

Companies may outsource an activity, but cannot outsource accountability.

In today’s economic environment, almost every aspect of a company’s operations can be outsourced efficiently. As a result companies interact with vendors on a daily basis, opening themself up to additional risk. Vendor Risk is a type of Operational Risk associated with the potential risk that may occur from relying upon outside parties to perform services or activities on an organization’s behalf. When a company outsources a need to a vendor, it is still the responsibility of the company to ensure that the vendor operates in compliance with established policies, procedures and regulator expectations.

For financial institutions in particular, this has been a clear message from all banking regulatory agencies to their members. Regulatory agencies have identified instances in which financial service institutions have:

  • Failed to properly assess and understand the risks and the direct and indirect costs involved in vendor relationships.
  • Failed to perform adequate due diligence and ongoing monitoring of vendor relationships.
  • Entered into contracts without assessing the adequacy of a vendor’s risk management practices.
  • Entered into contracts that incentivize a vendor to take risks that are detrimental to the financial institution or its customers, in order to maximize the vendor’s revenues.
  • Engaged in informal vendor relationship without contracts in place.

All companies, and especially financial services institutions, must establish an effective vendor management program to protect their business, clients and employees. Having an effective vendor management program enables institutions to control costs, drive service excellence, mitigate risks, and gain increased value over the life cycle of the vendor relationships. Selection, contract structuring and ongoing monitoring of third party service providers are the consistent theme from the regulatory agencies and other risk experts.

Technology Service Provider Contracts

Understanding the increasing dependence that financial institutions have on technology service providers, bank regulators have ramped up their efforts to require banks to appropriately handle third-party risk management. The Federal Deposit Insurance Corporation (FDIC) has identified gaps noted by some examiners regarding several technology service provider contracts that were inadequate under existing guidance. These contracts were missing or inadequately addressed key provisions, such as:

  • Requiring the service provider to maintain a business continuity plan,
  • Lacking standards for data recovery along with appropriate remedies when a recovery standard is missed.
  • Defining key terms in the contracts relevant to business continuity and/or incident response.

Contracts lacking these provisions violate the Interagency Guidelines Establishing Information Security Standards, as promulgated under the Gramm-Leach-Bliley Act.

Vendors that provide technology-related services can create special risks for depository institutions that must be properly addressed in their service contracts. The FDIC indicated that it plans to hold boards and senior management of financial institutions accountable for controlling those risks, in accordance with the requirements of the law and its existing regulatory guidance.

Financial Institutions should be willing to hold their service providers accountable and negotiate an appropriate contract. All financial institutions should have provisions that they review for all of their contracts, along with a robust vendor management program that will help uncover any weakness in business continuity and data recovery early in the process.

Strunk at WBA’s Education Summit & Regulatory Compliance Conference

Strunk is excited to be exhibiting once again at the Western Bankers Association’s Education Summit & Regulatory Compliance Conference next week, August 25th-28th. This year hosted at the Hyatt Regency Huntington Beach, the event always proves to have many learning opportunities for bankers to gain insight into the most current information facing our industry.

In addition to visiting with many current clients, we look forward to showing attendees the latest features offered by our Governance, Risk Management and Compliance (GRC) software. The solution now includes six GRC tools – Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager and the all new Vendor Manager.

Vendor Manager provides an easy to follow standardized process to assess risk, gather due diligence materials, evaluate contracts and stores all vendor documentation in one convenient place. Vendor Manager keeps everything organized, is simple to use and of course follows the latest FFIEC guidelines.

Please stop by booth 28 to learn how to improve compliance, streamline responses, and enhance collaboration… all with less effort. All bankers will also have the opportunity to enter to win a $250 Amazon gift card from Strunk. We can’t wait to see you!

The Four Compliance Commandments

We’ve spent a lot of time working on and thinking about Governance, Risk Management and Compliance. Whole books have been written on this subject and there are graduate-level university courses on it as well. But in the practical world, for most businesses we think the whole GRC universe can be boiled down to four basic principles that we call the Four Compliance Commandments:

1) Know Your Risks
2) Ensure Your Policies Mitigate Key Risks
3) Trust, But Verify
4) Prove It

Every CEO and Board worries about this stuff … or should, so let’s break the commandments down:

Compliance Commandment I : Know Your Risks

Every organization must understand the risks it faces if it wants to survive. Organizations tend to get in trouble when they mis-perceive the risks they are up against. Many organizations falter because they under-estimate a risk, but over-estimating a risk can be just as bad, causing an organization to miss a key opportunity.

Over the years, society has created rules designed to limit organizations from taking risks unnecessarily or unknowingly. Often these rules come from the government, but there are other rules, like the SOC2 framework, that come from other sources, like accountants or professional associations. Good examples of these include:

  • Banks or credit unions must comply with regulatory requirements
  • Service providers must comply with external frameworks like SOC2
  • Health care providers need to show compliance with HIPAA requirements

Essentially these frameworks are checklists of risks to consider. These lists can run to a hundred or more items. Reviewing each item and assessing trends can be quite time consuming.

At Strunk we have extensively automated these checklists, making them easier to assess, easier to delegate and easier to summarize.

Compliance Commandment II : Ensure Your Policies Mitigate Key Risks

To keep your organization healthy everyone needs to understand what risks to avoid, what risks to take and under what circumstances. This is where policies come in. Policies communicate what is appropriate risk-taking behavior to your organization.

Strunk recommends organizations evaluate their policies versus the risks. Do you have policies in place that adequately address your key risks? If not, you might want to update your policies. Conversely, do you have policies that don’t really map to any of your key risks? If the answer is yes, then consider simplifying or eliminating that policy.

Strunk provides an automated tool for mapping your policies against your risks. At a glance you can then see which risks are not covered by any policies and which policies are not covering any risk. Strunk Policy Manager organizes all your policies into a relational database, with extensive version tracking, granular ownership assignment, and PDF reports for board or external use.

Compliance Commandment III : Trust, But Verify

Policies are pointless unless the organization follows them. Human nature being what it is, there is a natural tendency for people to cut corners. Too many times organizations let months or even years go by assuming that a policy is still being followed when, due to turnover or distractions or work pressure, that is no longer the case. To maintain policy effectiveness you must test periodically. You can only expect what you inspect.

Our Controls Manager automates the verification process. You create a set of control procedures for testing compliance with your policies, establish a testing schedule for these controls and assign responsibility. The system automatically schedules the testing, creates a calendar showing the month’s tests at a glance, generates alerts on upcoming or overdue tests and provides a dashboard summarizing testing status, including highlighting tests that are overdue or have failed.

You can map your controls to your policies. One control can cover more than one policy and one policy may be covered by more than one control. You can then use the maps to identify policies which need controls or controls which are no longer covering a policy and perhaps should be discontinued.

Compliance Commandment IV : Prove It

Unfortunately it is just not enough to adhere to commandments I through III. You must also be able to prove your adherence, which means abiding by what we call “the law of physical evidence”: a thing isn’t done until you can provide physical evidence that it occurred. You can’t just say you did it; your board, regulators, auditors and customers are going to want proof that you did it.

Many organizations approach this process somewhat haphazardly. They do some kind of paper-based risk assessment, write some policies, set up some checklists, fill out some forms, put some basic tracking in place … easy. The result is a patchwork of Word documents and PDFs and spreadsheets. Then they start emailing them around, and storing different versions on different computers and pretty soon you have a mess: multiple versions, unclear responsibilities, status hard to track. Managing risks, policies and controls is not rocket science by any means, but it really helps to stay organized.

We believe the best way to stay organized is to get out of spreadsheet land and move everything into a modern relational database. A relational database helps connect all the dots so you can keep track of the status of different policies and policy versions, know who is responsible for each compliance activity, log changes, produce consistent reports, provide a single source of truth, with fine-grained control over access and edit rights.

With a system like Strunk Access, when your auditors show up for their exam, you have at your fingertips your latest risk assessment, your compliance map showing how your policies map to your risks and your controls map to your policies, your log of all the changes to your policies over the past year, and a complete record of all your control testing. The result: fewer surprises, your auditors can get their work done more quickly, and your staff spends less time responding to auditor requests.

Strunk at COCC Foxwoods

We were happy to see so many friends and clients at the COCC Annual Client Conference earlier this month. We were definitely on friendly ground, as we have now implemented our solutions for well over half the COCC base. This event set a new attendance record for COCC. Thank you to everyone who dropped in to see us and congrats to Maria Sgambati at Everett Co-operative Bank who was the winner of our $250 Amazon gift card.

At the conference we were able to show off some of the latest improvements in our Governance, Risk Management and Compliance (GRC) software. We have upgraded Risk Assessor to version 2. It now includes automated feeds of peer data from the FDIC, consolidated risk and trend scoring, and an inline scoring history so you can see at the indicator level your scores on prior assessments. Policy Manager now includes more fine-grained reader logging and alerts.

We also were able to demo our new Vendor Manager tool for managing vendor risk. Vendor Manager provides an easy to follow standardized process to assess risk, gather due diligence materials, evaluate contracts and store all vendor documentation in one convenient place. Vendor Manager keeps everything organized, is simple to use and of course follows the latest FFIEC guidelines.

Law Firms Seeking Plaintiffs to Sue Credit Unions

Law firms have started using social media and web advertising to recruit class action plaintiffs to sue credit unions regarding their overdraft practices and disclosures. Demand letters or complaints filed may make several allegations, including:

  • Violations of EFTA and Reg. E, even where the credit union uses the Model A-9 form.
  • Breach of contract due to unclear or ambiguous terminology in account agreements, such as lack of clarity as to how the credit union will determine that there are insufficient funds in the account.
  • Violations of state consumer laws, such as California’s Unfair Competition Law, New York’s statute addressing deceptive acts and practices, or New Jersey’s Consumer Fraud Act.

Strunk agrees with the risk mitigation recommendations from the CUNA: Credit unions should review their processes for handling reinitiated/resubmitted incoming electronic debits to member accounts that the credit union previously returned unpaid due to insufficient or uncollected funds resulting in an NSF fee. If your credit union charges another NSF fee for reinitiated/resubmitted items that are returned unpaid again, review your account agreement to ensure it discloses that NSF fees may be imposed on the same transaction.

If your credit union assesses overdraft fees based on available balance rather than actual balance/ledger balance, review your account agreement to ensure it contains a description of how certain transactions, such as debit card pre-authorization holds and check holds, impact the available balance, including examples of each. For debit card pre-authorization holds, ensure the account agreement discloses how subsequent debits to the account impact the available balance and that an overdraft fee could be assessed when the debit card transaction posts to the account taking it negative.

It has always been Strunk’s recommendation to precisely disclose the method used to calculate available balance in your account agreement. Because Strunk ODP documents refer to the use of Available Balance, which should be properly disclosed in the member account agreement, there are currently no recommended changes to Strunk’s ODP documentation. We will provide additional information if there are any upcoming changes to our disclosure documentation.