Electronic Banking Risk Assessment -Product Training

© 2010 Fiserv, Inc. or its affiliates.2

Electronic Banking Risk Assessment

Rachel RathmanCompliance DirectorBeavercreek Marketing

Steve RasmussenPresidentBeavercreek Marketing

© 2010 Fiserv, Inc. or its affiliates.3

Disclaimer Notice

• Any interpretations or views expressed, written or verbally, are Beavercreek Marketing’s views of the impact of the regulatory/legislative rulings and do not constitute a legal opinion.

• Beavercreek Marketing and Fiserv assume no liability or responsibility for errors or omissions in the content of thispresentation or the Risk Assessment software.

© 2010 Fiserv, Inc. or its affiliates.4

About the Risk Assessment Software 

• Comprehensive risk assessment tool to help identify, measure, monitor, and control risk from electronic banking operations.

• Covers a wide range of electronic banking products, tailored specifically to Fiserv products.

• Risk assessment tool can be used to complete both inherent and residual risk assessments.

• Content is consistent with the most recent FFIEC guidance, including the 2011 “Supplement to Authentication in an Internet Banking Environment” guidance.

• Survey questions will be updated on an ongoing basis to comply with regulatory changes and changes to Fiserv product offerings.

© 2010 Fiserv, Inc. or its affiliates.5

• Secure online application – no software to install

• Log on with unique user name and password

• Hosting facilities are Tier II, SAS-70 certified

• Strong encryption is applied to all user input fields and passwords

• Optional out-of-band authentication from Phone Factor is now available - additional fee of $50 per user per year

About Security

© 2010 Fiserv, Inc. or its affiliates.6

• Assigning users to the risk assessment tool – contact Beavercreek to add/delete users.

• Log on procedures.

• Optional out-of-band log on procedures.

• First time log on – read and accept the terms and conditions.

• Assigning contacts within the risk assessment tool – contacts do not have to be registered users.

Getting Started

© 2010 Fiserv, Inc. or its affiliates.7

• Risk assessment questions can be completed by Product or by risk Category.

• Clicking “Home” on the Features menu will always allow the user to return to the home screen

• Help menu is available.

• Use the “Comment” button to issue comments, ideas, and suggestions to Beavercreek.

• Find and share solutions with other Fiserv users via Community Threads.

General Navigation

© 2010 Fiserv, Inc. or its affiliates.8

• Drill down to access questions by category.

• Risk assessment tool will indicate how many questions for each category have been answered.

• Most questions have yes / no answers, some questions require a text answer.

• New! When appropriate, users can apply the answer for a surveyquestion to all electronic banking products simultaneously.

• Users can send emails to contacts directly from the risk assessment tool.

Answer Survey Questions

© 2010 Fiserv, Inc. or its affiliates.9

• Risk assessment tool allows you to create and track action items.

• Action items can be either requests for information,or assignments to complete corrective action.

• Action items are assigned to contacts.

• Action items include due dates and “marked as completed”.

• A complete listing of action items for easy tracking.

• There are 14 categories – suggest assigning one person to each category.

• New! Send individual survey questions, or complete categories to team members.

• Contacts do not have to be registered users – anyone with email can receive assignments.

Make Assignments

© 2010 Fiserv, Inc. or its affiliates.10

• Risk assessment tool includes a “notes” field for each survey question.

• Users can include any content they wish in this field – including survey questions specific to your financial institution.

Take Notes/Add New Questions

© 2010 Fiserv, Inc. or its affiliates.11

• Use the results of the survey questions and the risk assessment grid to assign a risk rating for each risk category.

• Risk assessment grid considers both the “likelihood” and “consequence” of risk.

• Complete the “Management Findings and Controls” section to brieflysummarize the findings in each risk category. This could include anoverall summary of risk, a summary of compensating controls, anda description of any necessary corrective action.

• Assign a date to each risk rating and note who prepared the risk rating.

• Residual risk rating is the default setting. Check the box for Inherent risk rating.

Assign Risk Ratings per Category

© 2010 Fiserv, Inc. or its affiliates.12

• Use the findings from each risk category and the risk assessment grid to assign an overall risk rating to each product.

• Complete the “Management Findings and Controls” section to briefly summarize the findings for each product.

• Assign a date to each risk rating and note who prepared the risk rating.

Assign Overall Risk Ratings per Product

© 2010 Fiserv, Inc. or its affiliates.13

• Risk assessment tool provides two different types of reports.

• A complete report will include all survey questions and answers for the product, as well as the management findings summary section and risk rating.

• An executive summary report will include only the managementfindings summary section and risk rating for the product.

• The system does not save your reports. Reports can be saved to your hard disk as a .pdf file.

Print & Save Reports

© 2010 Fiserv, Inc. or its affiliates.14

• To complete future risk assessments, update survey questions as needed.

• Create new risk ratings for each risk category and for the product as a whole when completing an updated risk assessment.

• Risk assessment tool saves an unlimited history of category and product risk ratings.

• New survey questions will be added for new regulations or major Fiserv product releases.

• All registered users will be notified via email when updates are available.

• Newly added questions and other changes will be clearly marked.

Update the Risk Assessment

© 2010 Fiserv, Inc. or its affiliates.15

• Survey questions are also included to complete the ACH internal operations risk assessment that is required by NACHA.

• All categories for ACH Operations Risk Assessment are labeled “ACH”.

• New ACH updates will be released in December or January.

About the ACH Operations Risk Assessment

© 2010 Fiserv, Inc. or its affiliates.16

Also Available – ID Theft Education for Consumers, Businesses, and Staff

• Quarterly statement inserts

• Quarterly email sends

• For consumers and businesses

• See pricing and order at bankall.com

© 2010 Fiserv, Inc. or its affiliates.17

ID Theft Education Materials

© 2010 Fiserv, Inc. or its affiliates.18

ID Theft Education Materials

Online Education Center

- Consumer and business ID theft videos

- Embed videos into website and Facebook

- Deliver video email blasts

- Free 20-Page ID Theft Emergency Repair Kit (pdf)

- Track and report all videos viewed

For more information contact Beavercreek Marketinginfo@bankall.com308-381-0311