 |
 |  |  |  |  | | | If you have any feedback on how we can make our new website better please do contact us and we would like to hear from you. | |
|
|
 |
 |
|
| 
 |
|
Our
company has performed audits for community banks for over 15 years specializing
in the areas listed below. Our goal is
to provide very detailed and customized audit reports that address the
regulatory or risk-based threats related to each area. One of the major differences in our reports
from others is that we try to insure it is written in a way that is easily
understood by management. We also
provide sample policies, procedures or recommendations on how to correct any deficiency
as part of the program. Our goal is to
work as your partner and insure there are no surprises or “gotcha’s” in the
final reports.
Information Technology
(IT) Audits This audit is designed to satisfy the IT audit
requirements and comply with the FFIEC guidelines for community banks. As part of the service, we provide
recommendations, policies or other assistance to address any concerns that may
help improve the institution’s oversight and operations. Our company gives you access to our extensive
operational background for over 30 years in this industry specializing in the
IT and operations field and experience that comes from serving as COO for a
large community bank. By serving as an
external IT auditor and also working as a COO, we have that unique
advantage to know what examiners are looking for and understand the
banker's challenges to meet all expectations. Annual ACH Audit We have been performing this required annual audit for
many institutions for over 10 years. Our in-bank experience and AAP
(Accredited ACH Professional) credentials give us hands-on knowledge of the ACH
service on the regulatory, technical and managerial levels that cannot be
matched in the marketplace. We do
provide sample policies, procedures, risk assessments as needed to address any
deficiency that may be identified. The
audit also includes a certification statement that can be provided to NACHA or
regulatory body to state that the annual audit was completed following the
Appendix Eight requirements of the ACH RULES book.
o
Review of BSA/AML policies and management oversight
o
Review of CIP policy, risk assessment and compliance
o
Review of procedure to monitor and detect CTR
transactions, including aggregation of transactions
o
Review of CTRs, SARs and Exemptions
o
Review of Monetary Logs and WTF procedures
o
Review of OFAC compliance procedures
o
Review of FinCEN compliance procedures
o
Review of customer notices
o
Review of ongoing training for compliance
o
Review of BSA Officer and management reports
o
Review of 3rd party agreements related to
BSA and Patriot Act
o
Review of recordkeeping of BSA documents
CATO (Corporate
Account Take-Overs) Security threats have
increased dramatically over the past several years where cyber thieves gain
control of a business’ bank account by stealing employee password and other
valid credentials. Fraudulent wire and
ACH transactions are then sent to account controlled by the thieves. This creates financial, security, reputation
and customer relationship risks for SECURITY Bank whenever one of its customer’s
is targeted by these attempts. These
types of fraudulent attempts are generally referred to as a Corporate Account
Takeover, or CATO.
Regulatory
advisories have been issued to establish minimum efforts as well as recommended
“best practices” that should be incorporated into a fraud prevention program
related to the electronic banking services.
These efforts should focus on the high risk customers, types of accounts
and services (such as wire transfers and ACH originations) using available and
reasonable tools or procedures by the bank.
Our review includes the specific items that were to be addressed by
member institutions according to the FFIEC and the Texas Department of Banking
guidelines.
Wire Transfer Audit This banking service represents a high-risk activity that
includes specific security and documentation procedures to address fraud and
regulatory requirements. This audit
examines the policies, procedures and documentation related to this
function. It includes a review of
FedAdvantage (or any other application) security settings, the transmission,
review and approval of requests as well as compliance with OFAC and
documentation need.
Internet Banking or
Mobile Banking Audit This service can be customized to address the specific
need of the institution. It can include
compliance of the marketing site, security and processing policies and
procedures for the Internet Banking site, or any specific features such as Cash
Management, Bill-Pay, Mobile Deposit or Remote Deposit Capture.
OTHER SERVICES
These
services have also been offered to address a specific need. All of these engagements are customized to
meet the specific challenge or need that is facing the bank’s management.
Core Provider RFP and
Evaluations We are very familiar with many of the core or auxiliary
service providers and can help draft a Request For Proposal and analyze
competitive bids based on costs, features and deliverables for the bank’s management. Our services are totally customizable as to
the specific needs or desired by the bank.
Training We have conducted numerous training sessions on a wide
variety of operational topics. We can
conduct training for task-specific roles, operational regulatory or technology
and fraud prevention issues. We have
been an instructor or presenter for IBAT, TBA, SWGBS, Texas Tech School of
Banking and many other national banking organizations. We can also develop customized and branded
programs if needed. Policies & Risk
Assessment We have developed policies and risk assessments covering
most operational or IT related functions which can be customized as
needed. We also have a vendor management
program for the annual due diligence for this important task. IT/Communications Inventory
& Cost Analysis We offer a service where we can review all your IT and
communications equipment (including phone, fax, data and internet connections)
to evaluate obsolete, unnecessary or poorly designed system issues. This often will result in a recommendation to
eliminate expensive monthly line or maintenance plans which more than pay for
the analysis.
 |
|
 |
