Date post: | 27-Dec-2015 |
Category: |
Documents |
Upload: | grace-west |
View: | 217 times |
Download: | 1 times |
Electronic Banking Risk Assessment -Product Training
© 2010 Fiserv, Inc. or its affiliates.2
Electronic Banking Risk Assessment
Rachel RathmanCompliance DirectorBeavercreek Marketing
Steve RasmussenPresidentBeavercreek Marketing
© 2010 Fiserv, Inc. or its affiliates.3
Disclaimer Notice
• Any interpretations or views expressed, written or verbally, are Beavercreek Marketing’s views of the impact of the regulatory/legislative rulings and do not constitute a legal opinion.
• Beavercreek Marketing and Fiserv assume no liability or responsibility for errors or omissions in the content of thispresentation or the Risk Assessment software.
© 2010 Fiserv, Inc. or its affiliates.4
About the Risk Assessment Software
• Comprehensive risk assessment tool to help identify, measure, monitor, and control risk from electronic banking operations.
• Covers a wide range of electronic banking products, tailored specifically to Fiserv products.
• Risk assessment tool can be used to complete both inherent and residual risk assessments.
• Content is consistent with the most recent FFIEC guidance, including the 2011 “Supplement to Authentication in an Internet Banking Environment” guidance.
• Survey questions will be updated on an ongoing basis to comply with regulatory changes and changes to Fiserv product offerings.
© 2010 Fiserv, Inc. or its affiliates.5
• Secure online application – no software to install
• Log on with unique user name and password
• Hosting facilities are Tier II, SAS-70 certified
• Strong encryption is applied to all user input fields and passwords
• Optional out-of-band authentication from Phone Factor is now available - additional fee of $50 per user per year
About Security
© 2010 Fiserv, Inc. or its affiliates.6
• Assigning users to the risk assessment tool – contact Beavercreek to add/delete users.
• Log on procedures.
• Optional out-of-band log on procedures.
• First time log on – read and accept the terms and conditions.
• Assigning contacts within the risk assessment tool – contacts do not have to be registered users.
Getting Started
© 2010 Fiserv, Inc. or its affiliates.7
• Risk assessment questions can be completed by Product or by risk Category.
• Clicking “Home” on the Features menu will always allow the user to return to the home screen
• Help menu is available.
• Use the “Comment” button to issue comments, ideas, and suggestions to Beavercreek.
• Find and share solutions with other Fiserv users via Community Threads.
General Navigation
© 2010 Fiserv, Inc. or its affiliates.8
• Drill down to access questions by category.
• Risk assessment tool will indicate how many questions for each category have been answered.
• Most questions have yes / no answers, some questions require a text answer.
• New! When appropriate, users can apply the answer for a surveyquestion to all electronic banking products simultaneously.
• Users can send emails to contacts directly from the risk assessment tool.
Answer Survey Questions
© 2010 Fiserv, Inc. or its affiliates.9
• Risk assessment tool allows you to create and track action items.
• Action items can be either requests for information,or assignments to complete corrective action.
• Action items are assigned to contacts.
• Action items include due dates and “marked as completed”.
• A complete listing of action items for easy tracking.
• There are 14 categories – suggest assigning one person to each category.
• New! Send individual survey questions, or complete categories to team members.
• Contacts do not have to be registered users – anyone with email can receive assignments.
Make Assignments
© 2010 Fiserv, Inc. or its affiliates.10
• Risk assessment tool includes a “notes” field for each survey question.
• Users can include any content they wish in this field – including survey questions specific to your financial institution.
Take Notes/Add New Questions
© 2010 Fiserv, Inc. or its affiliates.11
• Use the results of the survey questions and the risk assessment grid to assign a risk rating for each risk category.
• Risk assessment grid considers both the “likelihood” and “consequence” of risk.
• Complete the “Management Findings and Controls” section to brieflysummarize the findings in each risk category. This could include anoverall summary of risk, a summary of compensating controls, anda description of any necessary corrective action.
• Assign a date to each risk rating and note who prepared the risk rating.
• Residual risk rating is the default setting. Check the box for Inherent risk rating.
Assign Risk Ratings per Category
© 2010 Fiserv, Inc. or its affiliates.12
• Use the findings from each risk category and the risk assessment grid to assign an overall risk rating to each product.
• Complete the “Management Findings and Controls” section to briefly summarize the findings for each product.
• Assign a date to each risk rating and note who prepared the risk rating.
Assign Overall Risk Ratings per Product
© 2010 Fiserv, Inc. or its affiliates.13
• Risk assessment tool provides two different types of reports.
• A complete report will include all survey questions and answers for the product, as well as the management findings summary section and risk rating.
• An executive summary report will include only the managementfindings summary section and risk rating for the product.
• The system does not save your reports. Reports can be saved to your hard disk as a .pdf file.
Print & Save Reports
© 2010 Fiserv, Inc. or its affiliates.14
• To complete future risk assessments, update survey questions as needed.
• Create new risk ratings for each risk category and for the product as a whole when completing an updated risk assessment.
• Risk assessment tool saves an unlimited history of category and product risk ratings.
• New survey questions will be added for new regulations or major Fiserv product releases.
• All registered users will be notified via email when updates are available.
• Newly added questions and other changes will be clearly marked.
Update the Risk Assessment
© 2010 Fiserv, Inc. or its affiliates.15
• Survey questions are also included to complete the ACH internal operations risk assessment that is required by NACHA.
• All categories for ACH Operations Risk Assessment are labeled “ACH”.
• New ACH updates will be released in December or January.
About the ACH Operations Risk Assessment
© 2010 Fiserv, Inc. or its affiliates.16
Also Available – ID Theft Education for Consumers, Businesses, and Staff
• Quarterly statement inserts
• Quarterly email sends
• For consumers and businesses
• See pricing and order at bankall.com
© 2010 Fiserv, Inc. or its affiliates.17
ID Theft Education Materials
© 2010 Fiserv, Inc. or its affiliates.18
ID Theft Education Materials
Online Education Center
- Consumer and business ID theft videos
- Embed videos into website and Facebook
- Deliver video email blasts
- Free 20-Page ID Theft Emergency Repair Kit (pdf)
- Track and report all videos viewed
For more information contact Beavercreek [email protected]