Adding Exceptional Value to Risk Management Programs

• Internal Auditing and Planning
Internal auditing is an independent, objective assurance and consulting activity, intended to add value and improve a bank’s operations by implementing a systematic, disciplined, analytic approach. The objectives of the audit are to evaluate and improve the effectiveness of existing risk management, control and governance processes. Internal auditing provides value to both governing bodies and senior management and can be a catalyst for improving a bank’s effectiveness and efficiency by providing informed insights, as well as near and longer-term planning recommendations.

• Consumer Compliance
Lending and operations compliance today goes well beyond the consumer and the Consumer Credit Protection Act. Compliance is now a bank-wide issue and applies to commercial, as well as consumer, accounts and business. In our role as compliance examiners, we make sure that commercial loan files are included within our overall examination, that regulators’ and legal requirements are addressed and that compliance responsibilities, risks and deficiencies are thoroughly examined.
• FedLine Audits
We can provide guidance on security and control expectations regarding the Federal Reserve Banks’ FedLine applications. The ability to transfer funds makes FedLine one of the highest risk applications in most community banks. Without putting adequate oversight and controls in place, the safety and soundness of a bank could be in great jeopardy. We make recommendations to senior management about implementing controls and system settings, as well as how to justify to their board instances where they decide not to implement these recommendations.
• FDICIA (Section 112)
In our role as auditors, we are fully prepared to revisit corporate reporting standards and governance reforms with our client partners. We review in detail: 1) acknowledgement of and responsibility for preparing the bank’s financial statements; 2) evaluation of the effectiveness, as of year end, of the bank’s internal controls over financial reporting; 3) examination of and attestation to management’s assertions concerning the internal control structures of the institution.
• Sarbanes-Oxley Act Compliance
We ensure that top management individually certifies the accuracy of all financial information. We also review the accuracy of corporate financial statements and facilitate the increased oversight role of the Board of Directors.

Our risk management services include, but are not limited to:

• Organizational Risk Assessment
An organization’s overall risk assessment considers the risks associated with all identified business activities of a banking organization. Management input is included within the parameters of the analysis. The process involves the identification and assignment of a risk score and rating (high, moderately-high, moderate, low) for each business activity. After all activities have been identified and rated, they are individually ranked according to their overall risk score.
• Interest Rate Risk and A/L Management
Analytics can be applied to the risk factors for changing investment values that are a result of a change in the absolute level of interest rates, in the spread, in the shape of the yield curve or in any other interest rate relationship. Such changes usually affect securities inversely and recommendations to take a variety of actions, such as diversification, can be made.
• Note Operations and Loan Services
We work with the fundamental aspects of a banking organization’s operating systems, their operating managers and their types of operations. We then utilize tools we have developed in order to help diagnose and solve common note operations and loan services problems and challenges.
• Money Laundering and Terrorism
We assist with issues surrounding government compliance requirements regarding BSA (Bank Secrecy Act), OFAC (Office of Foreign Assets Control) and the USA Patriot Act. We are able to provide guidelines and recommendations for reporting on large cash transactions and suspicious activities, as well as identity and sanctions verification.
• Corporate Disaster Contingency Planning
A serious incident can occur at any time, one that can prevent sustaining normal business operations. We can develop plans that can be implemented during and after a disaster that will mitigate the consequences of a severe business disruption. Incidents can range from natural disasters such as floods and fires to serious computer systems malfunctions or information security breaches. We understand how to help clients recover in the minimum amount of time with minimum disruption and cost, but this requires careful preparation and planning for both the disaster and the recovery.

Our strategic consulting services include, but are not limited to:

• Centralized/Corporate, Regional, Branch Operations
An overall review of corporate operations, that is, all basic actions undertaken to enhance an organization’s basic business interests, profits, assets, etc., can be performed. These reviews typically include examining all day-to-day operations and specific services or facilities offered by individual branches, regional groups and/or at the corporate level.
• Fiduciary Services
We provide consulting in the areas of trust administration and operations, investment management and trust systems to support our client organizations’ priorities, whether they are involved in personal or institutional asset management, or both.
• Merchant Card Services
Our analysis of this portfolio of services includes examining and then recommending best-practice solutions in the area of transactional payments by use of: credit or debit cards, electronic benefits transfer programs, electronic checks, gift and loyalty cards and merchant cash advances.
• ACH Operations
We can ensure that an institution’s Automated Clearing House Network’s processing and delivery system is providing for the most efficient distribution and settlement of electronic credits and debits and that all is in compliance according to NACHA Operating Rules.
• ATM STAR System Network Certifications
BankVision is ATM STAR certified. We can provide all support and strategic services that are required to ensure that an institution obtains and retains certification and is in compliance. We can also assist with the same for NYCE and Pulse.
• Compliance Training
We can provide compliance training, including educating any level of staff on the laws, regulations and company policies that apply to the proper execution of day-to-day job responsibilities. The objectives of this training are: 1) to avoid and/or detect violations by employees that could lead to legal liability; 2) to create a more hospitable and respectful workplace overall; and 3) to lay the groundwork for a partial or complete legal defense in the event that employee wrongdoing occurs, despite the organization’s best efforts at compliance training.

And our information technology security overview services include, but are not limited to:

• Information Technology and Systems Analysis
We can provide security and compliance analysis for various forms of information distribution technologies, including but not limited to the storage, retrieval, transmission and manipulation of electronic data via computers, computer networks and servers, computer clouds and other telecommunications devices.
• Network Security, Internet Banking, Web Site Controls
We help to set up and/or analyze the provisions and policies that have been put into place for an institution’s network administrator(s) to follow. This includes monitoring and preventing unauthorized access, misuse, modification or denial of a computer network and network-accessible resources. Authorization of access to data in a network is key. Securing the network, as well as protecting and overseeing all operations, is the focus of our work in this area of security analysis.
• Vulnerability Assessments
Vulnerabilities are identified through the use of both internal and external vulnerability reviews and assessment scans. An Internal Vulnerability Assessment performs a complete scan of the internal network, detects all known vulnerabilities and generates a report. An External Vulnerability Assessment analyzes the integrity of perimeter security, validating the firewall configuration to determine if the possibility exists for attacks via the protocols currently allowed through the firewall. These comprehensive reviews then result in recommendations for securing a network, as well as protecting and overseeing the operations being performed.
• GLB Act Compliance
The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices to their clients and customers, as well as to safeguard sensitive data. We can step in and provide a risk assessment overview and information security program evaluation that will ensure all provisions of the Act are being met and communicated clearly to the customer-base.

Our comprehensive credit review program includes performing the following analyses and examinations:

• Credit Quality Assessments and Risk Grade Assignments

• Credit Policy Evaluations

• Adequacy of Loan Documentation

• Condition/Covenant Compliance

• Evaluation of ALLL Methodology/Adequacy

• Credit Concentration Analysis/CRE “Stress Testing”