Upon further investigation, it appears that these concerns are actually looking at services such as CPNI’s P2P solution PATsend™ and others that allow financial institution customers to send money from their account to another person’s account via a social media channel or other channels such as mobile phones and email. While not widely adopted yet, these types of payments would obviously need to be incorporated into the financial institution’s normal BSA/AML monitoring processes to determine activity risk levels.

Reg E becomes relevant when the financial institution is directly involved in these service offerings. In these instances, the institution must take care of the Reg E disclosures required for all payments made electronically.

Free Webinar: Social Media ABCs from Reg B to Reg Z – July 27, 2010 1pm – 2pm EDT

Failing to figure out the regulatory issues is what’s holding over 75% of banks and credit unions back from using social media. With concerns ranging from Regs B – Z to reputational risk, it’s only a matter of time before financial regulators turn their focus to addressing social media. The time to prepare is now! – This webinar will discuss the proper steps to ensure sound social media compliance. Hear directly from bank and credit union executives as they share lessons learned during their own institution’s social media implementation. Learn more and Register for this Webinar today!

Free Banking Policies: Social Media, Internet Acceptable Use

Continuity Control has a dozens of free banking policies and checklists available to our members. Of particular interest to readers of this blog post might be several internet acceptable use policies that cover social media as well as a policy specific to social media. Control’s Community provides a collaborative forum for banks, credit unions and industry vendors to work together cooperatively to tackle the complexities of compliance.

Here are five more regulations that affect banking compliance when social media is used by the financial institution.

1. Reg B all records related to a loan application be maintained for 25 months (ie: complaints or comments regarding the loan must be retained)
2. Reg BB all CRA-related comments received must be kept in the institution’s CRA public file.
3. Reg DD (Truth–In-Savings Act) applies for any commercial message in any medium that promotes, directly or indirectly, deposit accounts. If a communication of this type is sent, a record of the message must be retained for 2 years.
4. GLBA (Gramm Leach Bliley Act) requires security of customer information, insurance disclosures  should appear if the bank mentions insurance products in its posts or on its pages.
5. Reg Z (Truth-In-Lending Act)  applies for any commercial message in any medium that promotes, directly or indirectly, a credit transaction. If a communication of this type is sent, a record of the message must be retained for 2 years.

This is obviously just the tip of the iceberg when it comes to concerns that financial institutions might have when starting any social media initiative. What’s your most pressing compliance concern regarding social media? Please leave your comments below or in Control’s Social Media Best Practices forum (exclusively for community bank and credit union folks, the vendors that serve them and financial industry regulators).

Free Banking Policies: Social Media, Internet Acceptable Use

Continuity Control has a dozens of free banking policies and checklists available to our members. Of particular interest to readers of this blog post might be several internet acceptable use policies that cover social media as well as a policy specific to social media. Control’s Community provides a collaborative forum for banks, credit unions and industry vendors to work together cooperatively to tackle the complexities of compliance.

Free Webinar: Social Media ABCs from Reg B to Reg Z – July 27, 2010 1pm – 2pm EDT

Failing to figure out the regulatory issues is what’s holding over 75% of banks and credit unions back from using social media.  With concerns ranging from Regs B – Z to reputational risk, it’s only a matter of time before financial regulators turn their focus to addressing social media. The time to prepare is now! – This webinar will discuss the proper steps to ensure sound social media compliance.  Hear directly from bank and credit union executives as they share lessons learned during their own institution’s social media implementation. Learn more and Register for this Webinar today!

520 rulemakings  –   81 studies  –   93 reports

To put this into perspective, Sarbanes-Oxley required 16 new regulations and 6 studies. That’s right, the Dodd-Frank bill is over 30 times the size of SOX.

Costs

We’ve already established that community banks and credit unions spend a significant amount of resources on managing compliance (learn more at www.compliancetax.com) and the FDIC Quarterly Banking Profile (3/10) shows us that community banks are almost exactly 20% less efficient than larger banks. A Deloitte survey shows that by 2010, financial institutions expect to spend more than double (annually) what they had spent in 2006 to manage risk and compliance.  These are depressing numbers indeed.

Burden

With the signing of this regulatory reform bill into law, the intense regulatory burden that our nation’s community banks and credit unions are shouldering continues to grow and industry experts paint a grim picture with their predictions. This January, Kristin Moyer from Gartner blogged that by 2013 the rising costs of regulatory compliance and risk management will have priced Tier 3 and Tier 4 banks, lacking robust systems, processes, knowledge and financial resources to meet those legislative demands, from the market. The ABA says, “Still many community bankers, faced with what ABA estimates will be 5,000 more pages of regulation, are telling us that they may opt instead to sell their franchise.” Main Street bankers fear that they’ll be placed on the endangered industry list because “larger organizations are better able to absorb the costs of compliance.”

The ominous sentiment throughout the banking industry is “merge or die”. When simply hiring a full time IT professional and a compliance officer can entirely wipe out the financial institution’s profitability, it’s obvious that something’s got to change or the choices to merge or die are truly all that’s available. While we can lobby and protest all we want, the likely situation is that very little will be changing to reduce the amount of regulations that community financial institutions must observe.

A Third Option

As a nation, we need community banks and credit unions! Their death is simply not an option in our eyes. There’s an entire movement afoot to encourage citizens to move their money away from big banks and into these smaller financial institutions. But simply raising deposits isn’t going to make the difference that is necessary to keep them in business.  As Steve Williams from Gonzo Banker says in Mandate #1 for Climbing Out of Banking’s Dark Ages,

Don’t whine about risk management and compliance, reinvent it.

Imagine:

• Community bankers coming together to create economies of scale greater than their big bank counterparts.
• Collaborating on thorny compliance issues, sharing and remixing banking policies via Creative Commons licensing, asking and answering questions about compliance issues so that we need not re-invent the wheel 16,000+ times for each community financial institution – all of this on a free online platform exclusively for community bank and credit union folks, the vendors that serve them and financial industry regulators.
• Top that with with powerful, inexpensive applications(Apps) for handling everything from ACH to Reg-Z that each automate the entire life-cycle of an area. Tasks like board approval, risk assessment and auditing are not separate, but integrated into every App.
• Finally, add in a Regulatory Compliance Guarantee: as regulations change, Apps are updated at no additional cost, guaranteeing your financial institution’s compliance in each area.

Banking compliance. Reinvented.

At Continuity Control our mission, and passion, is to help community financial institutions survive and thrive by reducing their compliance costs through the use of innovative technology.  We invite you to join us on our mission to cut the Compliance Tax™ and enable Main Street bankers to get back to the business of banking and serving their communities in a manner that the big banks will never be able to match.

The list was compiled based on a recent Webinar in which the Federal Reserve Board staff highlighted the following features for success:

1. The tone from the top of the institution creates a “culture of compliance.”
2. Compliance within the institution is given status, authority and resources.
3. The compliance function within the organization is independent of the business line.
4. Clear accountability exists throughout the organization and is broader than just that of a compliance officer or compliance department.
5. Business processes integrate compliance, involving it in the new product infrastructure, not as an after thought in the decision making process.
6. Comprehensive risk assessment drives structure, resource, and control decisions.
7. Robust audit and review processes exist.
8. Controls, policies, procedures, job aids, training – are consistent with the risk profiles.
9. Compliance staff are technically proficient – establishing networks, seeking guidance and using available resources.
10. There’s a method for early detection of new or emerging risks.

This is certainly a great resource list to start the process of evaluating or re-evaluating your own Financial Institutions’ compliance program. We can all agree that with regulatory reform it’s costing more and more to be compliant. At Continuity Control, we refer to this overall burden (money, manpower, resources) as the Compliance Tax and believe that the key to reducing this tax is through the use of technology to help manage as well as organize the process.

How compliance was managed yesterday will simply not work going forward. The process just has become far too cumbersome and time consuming.  This is why so many within the industry are saying that the cost of compliance is putting institutions at risk of being priced out or regulated of the market. Dealing with the issue requires innovation and automation to reduce the costs. That is where technology can be used as a way to reinvent how the process is handled and further your compliance management efforts to efficiently ensure a successful compliance program within your organization.

Bringing down the costs associated with the work of compliance allows you to focus on the business of banking, better competing and serving your market. ]]> http://www.blog.continuity.net/thoughts-on-a-successful-compliance-program/feed/ 0 http://www.blog.continuity.net/email-policy-free-banking-policies/ http://www.blog.continuity.net/email-policy-free-banking-policies/#comments Thu, 24 Jun 2010 20:58:30 +0000 Sonya http://www.continuity.net/?p=2371

This week’s free banking policy is an Email Policy. This is a separate policy than the Email Retention Policy (“guides the implementation and operation of the institution’s email retention systems so that risks and regulations adequately addressed”) that we featured four weeks ago. Control™ members can find that one in the IT section of the Free Policies page on Community.

Excerpt from the Email Policy: “Electronic mail, most commonly abbreviated email, is a method of exchanging digital messages. The purpose of email is to enhance communication between institution employees and colleagues, customers or members. Email is a form of written communication conducted by way of computer devices, typically an email server, with a network-enabled device for the duration of message submission or retrieval. Employees must uphold high standards of professionalism when emailing.

Emailing requires care, unlike telephone conversations that are transmitted instantaneously and then disappear from the communications network, an email message is stored on the network and can be accessed long after it has been sent and read by the recipients. Email messages sent to others can be forwarded to third parties, printed, stored, or inadvertently routed to individuals other than the intended recipients. Email is also subject to subpoena in the event of litigation or other legal proceedings.”

Every week, Continuity Control releases a free banking policy for use by community banks and credit unions throughout the United States of America. These policies are made available through Creative Commons licensing so that banks and credit unions may freely remix and reuse the content to suit their individual financial institution’s needs. When we release a new policy, the previous week’s policy is archived on Control where it is always available for free to Control members. Learn more about additional benefits free Control membership offers exclusively for community bank and credit union folks, the vendors that serve them and financial industry regulators.

Please remember that this policy is only available for free to unregistered visitors to our website through July 1, 2010. If you are looking for a particular policy that you would like us to feature, please let us know in the comments!

“On Tuesday May 11 in San Francisco, FinovateSpring 2010 showcased the most cutting-edge financial and banking technology innovations to Silicon Valley and the world.”

The videos from FinovateSpring2010 are now up on the Finovate site. Please check out some of the other 36 companies that demoed substantial new products and/or features. But first, here’s the Continuity Control demo:

Since we posted the initial Finovate feedback, Control has been recognized as being among the:

Most Helpful,

one of the most helpful of the products demoed at Finovate “What if somebody had told you three years ago about “an app store for financial compliance tools”? You’d have encouraged them to check both their diction and their predictions. But with “app” in common usage, Continuity Control actually lets you take an a la carte approach to compliance software.”

Most Interesting,

one of the Five Most Interesting Companies at Finovate “Financial institution compliance services.  Seems like a no-brainer in light of pending financial reform and everything other crisis-reform cycle that has taken place in the financial services sector over the past decade or so.  A solid presentation and what appears to be a solid management team.”

and Most Promising Financial Technology Companies

and, Celent selected Continuity Control as one of  Finovate’s most promising companies to watch in 2010.

Let’s face it, today, credit unions are faced with significant challenges such as driving growth, raising core deposits, member retention, expanding membership and ever increasing competition. Adding to these ongoing challenges is the ever-present and ever-increasing burden that regulatory compliance places on credit unions. At Continuity Control, we refer to this burden in the aggregate as the “Compliance Tax™”, and it is a cost that continues to grow with no end in sight.

This burden is leaving credit unions with the pressing question of “how to manage it all?” as the act of adhering to compliance continues to be more complicated and costly. Managing compliance not only costs in terms of dollars spent but manpower and other resources that have to be dedicated to the process. All of which takes away from serving the credit union’s membership.

This is where technology can be of help and in the end free up the resources that can then be dedicated to serving your members. Technology sits in the background and in the case of Control™, promotes more efficient management of the compliance process. It allows credit unions to have more visibility into the process and make better decisions, leading to better outcomes. In an age of doing “more with less”, technology can play a vital role in enhancing the process by automating tasks that in the past have been inefficient, tedious and manual.

The automation and streamlining that technology can provide is key to not only reducing costs but to better managing risk and compliance. With the proper technology in place the extra work that comes with the manual methods is now eliminated, reducing the work associated with compliance, and therefore reducing the burden and cost of compliance (i.e., the Compliance Tax).

As technology solutions have evolved, the role of making technology work has also evolved. Solutions exist today that enable the user to chose what specific area of compliance to address. These “user friendly” solutions are easy to get, easy to use and with available reporting features — easy to monitor. The main benefit here is that users can be up and running quickly with minimal data to enter and little or no training, and as a result can be productive from the start.

Using technology to manage the process moves risk mapping and auditing from people to software. It eliminates having an individual pushing the process along by automatically distributing the policies, sending reminders, ensuring consistency throughout the credit union and tracking everyone’s progress. The end result is that leveraging technology eases the burden and allows the credit union to focus on what they do best – serving the member.

To learn more about how the cost of compliance is affecting your credit union, I invite you to check out our free Compliance Tax calculator and white paper at www.compliancetax.com.

One of the most important aspects of any vendor management system is to assess the risk that each vendor presents. Again, since services outsourced can be from any department, the levels of risk associated with each vendor will vary. At Continuity Control, we advise credit unions and community banks to use a simple three tiered approach to assessing risk with each vendor.

After placing the financial institution’s vendor into a particular risk category, a consistent set of procedures followed within that category will control the associated risks. This simple, yet thorough system ensures that vendors are actually managed and that the staff at your institution understands what they are required to do and when it needs to be completed.

Continuity Control has a vendor management policy available for free, along with many other free financial institution policies and checklists available to our members. Control’s Community provides a collaborative forum for banks, credit unions and industry vendors to work together cooperatively to tackle the complexities of compliance. Members of Community can ask, answer or share in the forums and blogging platform on the site, thus building a shared environment that reduces the burden of compliance.

Free Webinar: Vendor Management – Compliance Checklist Manifesto Series

Regulatory examiners are expecting to see and review your financial institution’s vendor management program, which is to include a process for assessing specific vendor risk, vendor selection, contracting, and ongoing oversight. - Join this webinar to learn how implementing a repeatable process will provide consistency and reduce your financial institution’s Compliance Tax by saving you time and resources, including ensuring your valuable dollars are spent wisely.

• Janitorial – does your janitorial service follow proper background checking, hiring, bonding and subcontracting practices to comply with Sarbanes-Oxley and other FFIEC requirements?
• Security – is your security service doing complete background checks on their employees? Here’s a case where negligence in this area proved to be quite costly.
• Landlords – typically this is not covered under vendor due diligence, but with stories like this one out of Webster Bank in Connecticut, it’s a good idea to look closely at all of these relationships.
• Shredding service – are the representatives security screened and insured? Is there a secure chain of custody to ensure that your valuable information never falls into the wrong hands?

Obviously these are only a few examples of outsourced services outside of the IT department. Please comment on this post so we can collaborate on other services that your financial institution’s vendor management policy and procedures might want to cover.

Free Webinar: Vendor Management – Compliance Checklist Manifesto Series

Regulatory examiners are expecting to see and review your financial institution’s vendor management program, which is to include a process for assessing specific vendor risk, vendor selection, contracting, and ongoing oversight. - Join this webinar to learn how implementing a repeatable process will provide consistency and reduce your financial institution’s Compliance Tax by saving you time and resources, including ensuring your valuable dollars are spent wisely.

The passionate folks at Continuity truly believe that Control will revolutionize how community financial institutions manage compliance. By freeing up excess time and money currently associated with compliance (see ComplianceTax.com), credit unions and community banks will have more resources to get back to the actual business of banking. So, Tuesday afternoon, when the Control demo was scheduled to happen, most of the Control team was glued to the Twitter stream for #Finovate to see how our product was received.

Trust but Verify - photo by: Rob Kunkle/goodLux imagery

As soon as we saw this tweet from NetBanker, we knew Andy and Mickey were on stage:

Continuity Control debuting compliance platform based on monthly subscription fees, the App Store of bank compliance #finovate

For the seven minutes that followed, we watched anxiously as the feedback began. What follows is a sampling of the tweets referencing Control’s demo.

Nice job on design layout via Continuity Control at #finovate http://bit.ly/cS2Erk ~highly readable

Continuity Control uses “to-dos” and a dashboard to show progress towards completing compliance tasks #finovate

Great work, Andy! Animal House * and * a Reagan joke? Solid! #ContinuityControl #Finovate

#finovate simple compliance for banks and credit unions with Continuity Control http://goo.gl/IYRC

OK- @continuitycontrols proved me wrong-innovation is feasible for compliance through app-store/SaaS model with “guarantees” imho #finovate

Additionally, here’s a blog post by Phil Ayres of Consected that gives an overview of the Control demo content. Mike Linskey live blogged the event and his comments about Control’s demo start on page 7. A few quotes from Mike’s blog follow.

ContinuityControl are compliance guys, and they’ve got a Compliance AppStore!

AppStore replaces RFP process & expensive consultants. Apps are easy to buy, are affordable (example is $199 a month for Bank Secrecy Act app), and based around to-do lists & supporting documents.

In addition to the photos in Mike’s blog, there are some great shots (including the one above) taken by Rob Kunkle of goodLux imagery and shared on Flickr. The video of Control’s demo (and the other 35 demo videos) should be available on the Finovate site in a few weeks. We’ll be sure to share with you as soon as it becomes available.