Information Security
Corporate Account Take Over (CATO)
• Objective:
  1) Breach Customer
     – ZeuS
     – Polymorphic/Custom Trojan
  2) Coerce Bank Personnel
     – Our Phones are down?
     – I really need this now?
  3) Take the Money and Run!
     – Wire
     – ACH domestic or IAT (w History)

Information Security
Corporate Account Take Over (CATO)
• Protections
  – ACH Schedule & Check Account Numbers
  – Voice Authorization for Wire/ACH over pre-set limit
  – No foreign RDC
  – No “Drawn Against Uncollected Funds”
  – Education
  – Reference TDB Guidance
  – http://www.ectf.dob.texas.gov/index.htm

Information Security
• http://www.bluekaizen.org/securitykaizen_mag/issue4/Security_Kaizen_41.pdf
  – Hacking Banks for Fun & Profit
  – Facebook Awareness
  – Best Practices for InfoSec Training
• Less Thought of Breaches (part 364)
  – Mobile Phones
  – Client List
• Still Using IE7? Is Your Customer?
  – BEAST
  – Break SSL/TLS

Use Data & Tools to Your Benefit
• National Credit Tool File
  – Perform your own analysis
  – We can provide Header / Format
  – Put your examiner hat on!

Use Data & Tools to Your Benefit
• HMDA / CIP / PIF Data
  – Find “Fair Lending” violations before the examiners do
  – Prevent UDAAP
  – Small Business is Next
  – Dive Deeper:
    • Check Loan Amounts for Areas
      – Only Low Amounts in Low Income Areas?
        » Makes Sense Right? No?
    • Run for Several Years Prior
      – “Regression Testing”
    • Prevent “Racist Output Without Racist Input”
    • In Case of Question
      – Ask for Examiner Data Dump!

Use Data & Tools to Your Benefit
• PIF / CIP Data for Deposit Accounts
  – Class Actions for Account Structures
    • Check Deposit Account Types by Area
    • Check Deposit Account Types by Ethnic Groups

Use Data & Tools to Your Benefit
• CRA Data
  – Map IT! / Don’t Branch IT!
    • Export Data to Excel
    • Import into MapPoint
    • Look for holes / concentrations
    • Compare to Demographics or Income Maps
• iPad for Board
  – Secure Device/Data and you’re all set
    • Presentation Available @ CoNetrix Conference

Use Data & Tools to Your Benefit
• Vendors
  – What’s Available?
  – P2P
  – Advertise IT!
  – Text Alerts
  – Payment Reminders
  – Mobile Banking
  – Marketing Support
  – Cash Management
    • Let the service outweigh the risk

“As bankers we have a tendency to market the products we buy to support the customer rather than the features of the products that mean the most to the customer.”

Tools to Complete
• OFM/PFM
  – Personal Financial Management
  – Spending Analysis
  – Account Aggregation
• P2P
  – Person to Person Payments
  – Available in Bill Pay
• Mobile Merchant Processing
  – Through Referral
• Mobile/ATM Check Deposit (soon)
• Social Media
  – On Your Own or BuzzBanking

Regulatory
• June 30th 2012
  – FinCEN files must be filed electronically
• Reg Z Interpretation
  – Watch out for bonuses
• Fair Lending / UDAAP
  – Small Business
• Vendor Management (FIL-44-2008)
• Payday/Predatory Lending
  – Look at Georgia
• Reg E
  – Transfers (Consumer & Foreign)
• OCC
  – No blanket preemption (CFPB)
  – Might as well go the way of Frost!

Relax!
Consumer Financial Protection Bureau (CFPB)
• Good Web Site Template (Dummy Proof)
  – “Know Before You Owe”
• Non-Bank Focus / Rules
  – 9 months – 1 yr Rule Implementation (after issuance)
• 120 Hour Estimate for Compliance
  – Systems (Majority)
  – Disclosures (8)
  – Policies (8)

Relax!
Dodd-Frank
• Main Issues Already Implemented
• Political Influence
  – Wait for November or Go to D.C.?
• Too Big
  – Wait for Guidance
• Too Confusing
  – Wait for Guidance
Durbin Amendment
• Competition Limitations
  – Delayed by Implementation of Interchange Caps