This webinar discusses remote deposit capture (RDC) risk management and FFIEC compliance. It provides an overview of the key aspects of the FFIEC guidance on RDC risks, including the three pillars of responsibility, risks, and mitigation. It summarizes various RDC risks and how financial institutions should assess and manage risks related to technology, operations, vendors, customers and more. The webinar emphasizes that RDC implementation requires involvement from many areas of a financial institution and strong risk management practices.
Introduction to Risk Management via the NIST Cyber Security Framework - PECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
IT Infrastructure Management Powerpoint Presentation Slides - SlideTeam
Enhance your audience's knowledge with this well-researched complete deck. Showcase all the important features of the deck with perfect visuals. This deck comprises a total of seventy slides, with each slide explained in detail. Each template comprises professional diagrams and layouts. Our professional PowerPoint experts have also included icons, graphs and charts for your convenience. All you have to do is DOWNLOAD the deck. Make changes as per the requirement. Yes, these PPT slides are completely customizable. Edit the colour, text and font size. Add or delete the content from the slide. And leave your audience awestruck with the professionally designed IT Infrastructure Management Powerpoint Presentation Slides complete deck. https://bit.ly/3sGXmkZ
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1... - PECB
ISO/IEC 27701, Data Protection, and Risk Management: How do they map?
Risk management has become a very important feature when it comes to data protection and information security. Due to the criticality of data that is processed on a daily basis, risk management is highly needed to ensure that individuals’ rights are protected.
Amongst others, the webinar covers:
• Privacy, Data Protection, and Risk Management Definitions
• Privacy, Data Protection, and Risk Management Inter-relationship
• Risk Management – Real world example
• Data Protection – How would it apply to the example?
Presenters:
Anthony English
One of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
George Usi
George Usi is the CEO of Omnistruct Inc, a GaaS (cyber Governance as a Service) company with a vision to be the safety airbag of cyber risk and compliance.
After more than twenty-five years in internet open standards, networking, and security, George recognized that getting hacked in an Internet-delivered world was a matter of when. He also recognized that cyber laws with the potential of steep fines for business leaders who neglect to illustrate cyber security diligence would evolve with more aggressive sanctions in arrears of hacker success. So, he ideated a goal to eliminate cyber risk and set a mission for Omnistruct to be the “safety airbag” of cyber compliance. With a continuous audit and documentation approach, business owners can protect consumer privacy rights when they ideate, illustrate, and continuously measure their cyber posture using a new US guideline in cyber risk developed by NIST.
George attended California State University Chico, is a graduate of California State University Sacramento and a graduate of the Stanford Latino Executive Initiative (SLEI-ed) and Latino Business Action Network (LBAN) Graduate School of Business certificate program.
Michael Bastiani
Michael is a freelancer with his company Risk-BASE, available for roles as (but not limited to) risk manager, project manager, and consultant. With years of experience in the railway industry, Michael has experience in operational technology, automation, maintenance, IT, strategy, and safety. With his background as an engineer at TU Delft, one can always count on Michael to bring an innovative perspective to the table.
Date: July 20, 2022
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences - PECB
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. Early 2020 the US DOD launched the CMMC, Cybersecurity Maturity Model Certification which matches the same levels for cybersecurity. This session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use it in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
How To Handle Cybersecurity Risk PowerPoint Presentation Slides - SlideTeam
Information technology experts can now take advantage of How To Handle Cybersecurity Risk PowerPoint Presentation Slides. This information security PPT theme infuses top-quality design with data obtained by industry experts. Explain the present situation of the target firm’s information security management employing this PowerPoint layout. The data visualizations featured here simplify the elucidation of complex data such as the analysis of the current IT department. Showcase the cybersecurity framework roadmap and risks of the internet using our PPT presentation. Elaborate on the cybersecurity risk management action plan using the tabular format via this PowerPoint slideshow. Demonstrate the cybersecurity contingency plan with appreciable ease. Our information security management system PPT templates deck assists you in assigning risk handling responsibilities to the staff. Explain the duties of the management in successful information security governance. This PowerPoint presentation also addresses the cost of cybersecurity management and staff training. Hit the download icon and start personalization. Our How To Handle Cybersecurity Risk PowerPoint Presentation Slides are explicit and effective. They combine clarity and concise expression. https://bit.ly/3o0xDkR
Advanced Cybersecurity Risk Management: How to successfully address your Cybe... - PECB
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA's public policy work built around their publication “The Cyber Security Social Contract”, which the NATO Center of Cyber Excellence in Estonia asked for a briefing on.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard - PECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Cyber Security For Organization Proposal Powerpoint Presentation Slides - SlideTeam
Developing an attractive website for your business operations to generate more leads and profit for the company is no longer the only concern. There are various other factors in play. It is important to ensure that the website and software of your company are safe from any kind of malware. The main priority of any organization should be to build a defence system for its servers and data. Render your expert service to the clients and meet their requirements with this Cyber Security for Organization Proposal PowerPoint Presentation Slides. Utilize this PPT template to highlight your key deliverables such as uninterrupted server protection, secure organization information, network security, penetration testing, monitoring system vulnerabilities, and personnel training to avoid cyber attacks. Use this internet security PPT layout to talk about the whole process of project kick-off, planning, development, implementation, maintaining, and training for the cyber security services that your company adopts. Showcase the overall project cost that a client has to invest in availing your services as well as mention in detail the financial outlay according to each service and package. Grab the opportunity to educate your audience about the additional services that you provide like software development, cloud services, security, and networking by employing our electronic safeguard services PPT deck. Implement this visually-appealing security services PowerPoint theme to present an attractive business overview of your company and convey your mission, vision, objectives, and goals in an organized manner. Gain the trust of your clients by displaying your past achievements, awards, and client testimonials with this PPT design. You can take the assistance of this PowerPoint slide to inform the customer about your expertise in mobile app development, onsite developer, and business intelligence analytics. 
Download our ready-to-use computer security PPT graphic and promise the best security to your clients and make an everlasting impression on them. https://bit.ly/3fxyjMt
Just created a slideshare presentation giving a basic introduction to ISO27001 and its Scope, Implementation & Application. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
The importance of information security nowadays - PECB
Nowadays living without access to the information of interest at any time, any place through countless types of devices has become unimaginable. However, its security has become more important than information access itself. In fact today information security rules the world…! Why?
Slides for my lecture "Software security: vulnerabilities, exploits and possible countermeasures" I had been giving for Samsung Electronics in Suwon, Korea (South).
Which career, what skills to excel in cybersecurity. Check this out.
You will learn what cybersecurity covers, what the various job domains are, and what skills you should learn. I have shared books, videos, and other cybersecurity suggestions as well.
Combating Cyber Security Using Artificial Intelligence - Inderjeet Singh
Cyber Security & Data Protection India Summit 2018 aims to convene the best minds in Cybersecurity under one roof to create an interactive milieu for exchange of knowledge and ideas. The event will endeavour to address the emerging and continuing threats to Cybersecurity and its changing landscape, as well as respond to increasing risk of security breaches and security governance, application security, cloud based security, Network, Mobile and endpoint security and other cyber risks in the India and abroad.
Prezentace sortimentu ukrajinského e-shopu www.garnamama.com. Garnamama.com aktivně hledá distribuční partnery pro dětské oblečení ukrajinské výroby v Evropě.
Save-Guarding Your Innovation Landscape: Outsource Innovation and Channel Rev...Derrydean Dadzie
This presentation shoots into innovation and how enterprises can maximize innovation by outsourcing the innovation endeavor to a third party partner. I did this presentation in July 2014.
Особенности внедрения РРО в чешском e-commerceJan Ruzicka
Особенности внедрения РРО в чешском e-commerce. Внедрение системы РРО (в оригинале EET) в Чехии. Отрицательные моменты внедрения РРО в Чехии. Какие проблемы приносит РРО
для чешских интернет-магазинов?
MOBILE APPLICATIONS DEVELOPMENT
for all digital devices with wireless interfaces: BT, Wi-Fi, NFC
for any device connected to home Ethernet
for Internet of Things (IoT) devices
for digital devices without wireless interfaces - we complement your devices with wireless modules
we develop algorithms: digital data processing & storing - sound, images and video
SERVICES
project management
business analytics
interface design
algorithm development
development for iOS, Android & Windows Phone
automated, manual, functional testing
ALGORITHMS DEVELOPMENT
encoding /decoding - audio & video: wav, mp3, aac, jpeg, mjpeg, h.264, etc;
augmented reality objects adding (AR);
image analysis, objects selection, data processing: speed of objects; behavior of objects; changing facilities; comparison with reference; objects tracking; objects dimensioning
Specialties
mobile apps development, algorithms development, internet of things, mobile application design, connected devices, wireless digital devices
E commerce in der Ukraine 2016. Eintritt in den ukrainischen Online-Markt. Demographische Daten der ukrainischen Kunden. E-Commerce-Volumen in der Ukraine. Besonderheiten der ukrainischen Käufer.
Remote Deposit Capture Risk Management, May 2010 UpdateJTLeekley
Just as the Remote Deposit Capture Industry continues to change and evolve, so too must your organization\'s approach to RDC Risk Management & FFIEC Compliance. The FFIEC has issues important updates to their RDC Risk Management Guidelines in February, and as recently as April 29, 2010. Beginning may 19th, Join John Leekley and Ed McLaughlin of RemoteDepositCapture.com for an in-depth discussion on this topic, brought to you free of charge by FISERV and FIS. Visit www.RemoteDepositCapture.com to learn more.
The Role of Regulations in the Development of Digital FinanceJohn Owens
This presentation focuses on the balancing act between innovation, safety and soundness of digital financial services as well as steps to support consumer protection. It also includes a review of the current guidelines and a checklist format to guide regulators and policy makers to compare their own regulations, policies, environments and supervisory capacity in relation to emerging developments in the field of DFS.
Navigate the Financial Crime Landscape with a Vendor Management ProgramPerficient, Inc.
What is the impact of a failed risk management program as a result of actions committed by a vendor or service provider? Your financial institution may be exposed to reputational damage and financial losses running into billions of dollars.
During this webinar, our financial crime and risk management experts discussed current financial crime trends, steps to identifying vendor risks, the need for Know Your Vendor (KYV) and due diligence, and creating a cross-functional risk-based approach to vendor governance.
Presented by Dr Sam De Silva, partner at Nabarro to over 100 CEOs and Executives in London.
Explains what leaders should do immediately after becoming aware of a cyber attack, from a legal perspective.
A 60-minute webinar presented by Core Compliance & Legal Services and sponsored by LiveOffice.
Once You Archive Email, What's Next?
When it comes to email compliance, preparedness is key.
View this crash course in email compliance, and find out what else you need to know to protect yourself and your business.
You'll learn:
- What you are required to do after you capture electronic data
- What SEC and FINRA rules apply to email
- What types of communications require email supervision and more
It’s no secret that the major reporting regimes – MiFID II, EMIR, MiFIR, REMIT, CSDR, SFTR, FinfraG – have drastically impacted the European financial industry.
The level and volume of new regulations that businesses, firms, providers, and organisations are still adjusting to is only the beginning. Transaction reporting will continue to have a large impact on the infrastructure, resources, and budgets of organisations, providers, firms, and subsidiaries well into the future.
RESPA-TILA Integrated Disclosure: Are You Ready?Infinitive
New Consumer Financial Protection Bureau (CFPB) rules are game-changing for the financial and mortgage industries. Learn more about RESPA-TILA Integrated Disclosure requirements and how a dedicated program focusing on Intensity, Intimacy and Influence will ensure compliance.
1. RDC Risk Management
& FFIEC Compliance
Presented By:
John Leekley, Founder & CEO
Ed McLaughlin, Executive Director
RemoteDepositCapture.com
&
Hope Schall, Attorney, Vedder Price P.C.
February 2009
This webinar is sponsored by:
2. A Unique Perspective
RemoteDepositCapture.com is an independent information & services
resource for the Payments Industry.
– We are NOT a reseller, solution provider, etc.
– We ARE experts in, and an open resource for the industry.
– We work with the vast majority of leading solution providers, FIs, processors.
– Thousands of FIs, corporations, businesses and consumers visit the site each month.
– We were directly involved in the formulation of the guidance and training of hundreds
of auditors.
– Services
• News & Research
• RDC Marketplace
• Solution Provider Directories
• RDC Overviews
• White Paper Central
• FREE Webinars, and more.
•Contacts:
• John.Leekley@RemoteDepositCapture.com
• Ed.McLaughlin@RemoteDepositCapture.com
Copyright 2009, Remote Deposit Capture, LLC 2
Remote Deposit Capture Risk Management
& FFIEC Compliance
3. Today’s webinar is brought to you by…
Digital Check is a leading technology provider of low-cost check scanners for the distributed
capture marketplace. Delivering reliable performance with superior MICR and image quality,
the TellerScan® and award-winning CheXpress® models TS215 TS230, TS4120, and CX30
are specifically designed to meet the needs of today’s branch and RDC users.
To learn more about Digital Check, the Secure Choice in Distributed Capture™, please visit
www.digitalcheck.com or call 888-838-5744.
Fiserv Source Capture Optimization™ enables a common web platform
for remote deposit capture at the Consumer, Merchant, Branch, Teller
and ATM.
Ranked #1 Branch and Teller Capture Solution in the industry (AITE, Dec 2008)
Visit www.sco.fiserv.com to learn more.
• call (800) 872-7882
• email: victoria.lant@fiserv.com
4. Agenda
• Introduction to the FFIEC Guidance
• RDC Risk Overview
• Legal Agreements
• Strategic Approaches to Risk Management &
Compliance
– Technology
– Operations
– Information Security
– Vendors, Customers & Personnel
– Risk Measurement, Monitoring & Reporting
– Mitigation & Control
Legal Disclaimer: This is not legal advice. RemoteDepositCapture.com is reporting on observations and experiences while
working directly with dozens of solution providers, financial institutions and the various regulatory agencies. For legal advice /
guidance, please work with a competent and qualified legal representative.
Please see our “Best Practices in RDC Risk Management” Webinar for implementable RDC risk
management tactics.
5. Introduction
• FFIEC RDC Risk Management Guidance released January 14, 2009
– Elements of an RDC risk management process in an electronic environment,
– Focusing on RDC deployed at a customer location.
• Principles of RDC risk management discussed are also applicable to
– FI’s Internal deployment – Branch, Cash Vault
– Other forms of electronic deposit delivery systems (e.g., mobile banking and
automated clearing house [ACH] check conversions).
• Click Here to Download the FFIEC Guidance
• Click Here to View our Webinar: Best Practices in RDC Risk Management
6. RDC is a Payments Platform
RDC Applies to a family of related products &
services most often differentiated by location of
check capture.
Consumer RDC: - Already here with 75,000+
Users!
The term “Remote Deposit Capture” refers to the process of electronically
capturing check images and data, transmitting that information for deposit
and clearing, and truncating the original paper checks. This definition is
evolving to include additional payment types, including card payments.
[Figure: Remote Deposit Capture, with capture points Lockbox, Branch, Teller, Corporate, Merchant, Correspondent, ATM, Consumer]
RDC is becoming an integrated technology platform increasingly used to
process different types of payments and data with the ability to feed that data
to systems both internal and external to the organization.
8. FFIEC - Risks With RDC
• Legal/Contractual Agreements
• Customer Selection – Risk begins here
– Customer Audit
• Access
• Vendor Selection & Risk Management
• Implementation
• Physical & Logical Security
– Monitoring & Thresholds
– Duplicate Detection
• Privacy of Non Public Information
• Business Continuity & System Failure
9. Risk Management of Remote Deposit Capture
• RDC is a new delivery system and not simply a new service.
• It is necessary to identify and assess the following:
– Risks
• legal,
• compliance,
• reputation, and
• operational
– Business Objectives & Capabilities
• Ensure RDC is compatible with institution’s business:
• Strategies
• ROI
• Ability to manage the risks inherent in RDC.
• Incorporate RDC Risk assessments into existing risk assessment
processes
10. Risk Management Processes & Responsibilities
• Establish a Risk Framework
– Planning,
– Risk identification and assessment,
– Controls,
– Measuring and Monitoring
• Determine appropriate level of
governance, oversight, and risk
management
– Size and complexity of the financial
institution,
– Relative scale and impact of RDC to
overall activities
• Management must:
– Approve plans, policies, and significant
expenditures,
– Review periodic performance and risk
management reports on implementation
and ongoing operation and services.
– Management is responsible for the RDC
system
[Figure: RDC Risk Framework. Axes: Risk Granularity, Risk Discipline, Risk Activities. Labels: Legal, Compliance, Reputation, Operational; Internal, 3rd Party, Customer, Technology; Planning, Risk Identification, Risk Assessment, Controls, Measure, Monitor, Report.]
11. Hope Schall - Biography
• Ms. Schall is an attorney at Vedder Price P.C. in Chicago, Illinois. The
Financial Institutions Group at Vedder Price represents financial institutions
and financial service providers of all sizes throughout the U.S.
• Ms. Schall concentrates her practice on a wide range of bank and thrift-
related matters, including regulatory and payment issues, mergers and
acquisitions and the development of new financial products.
• Prior to joining Vedder Price, Ms. Schall served as an attorney for the
Federal Reserve Bank of Chicago, where her responsibilities included
advising the Reserve Bank on banking supervisory and regulatory issues
and payments and financial services issues, including matters involving
FedLine Services, Fedwire, FedACH and various check services.
• Ms. Schall is a frequent speaker at banking and payment conferences
across the country. She holds an LL.M. degree in Financial Services Law
from Chicago-Kent College of Law and a J.D. degree from DePaul University.
12. Legal Risk Overview
• Anti-Money Laundering & Bank
Secrecy Act issues
• Applicable law, rules and
agreements
• Agreements between banks and
their service providers
• Agreements between banks and
their customers
13. Contracts & Agreements
• Banks engaging in RDC should have
strong, well-constructed contracts and
customer agreements.
• Legal counsel should help develop
agreements.
• Agreements should include various
provisions set forth in the guidance.
• Guidance requires actions that can only be
accomplished via an agreement.
14. “Top” 5 Requirements
1. Roles and responsibilities
2. Governing laws, regulations and
rules
3. Allocation of liability
4. Termination
5. Handling and record retention
procedures
15. 1. Roles and Responsibilities
• Contract should be tailored to the service.
• Describe the service that is being provided.
– E.g., Who is the customer? Is ACH processing
involved? Where does imaging occur?
• Describe the items to be processed.
• Describe limitations.
• Address responsibility for equipment and
software.
• Address responsibility for security.
16. 2. Governing Law
• There is no law that governs the processing of check
images.
• Paper check processing without an agreement is
governed by the UCC default provisions.
• Banks need agreements to set forth the law and
provisions they want to apply to the processing of check
images.
17. 2. Governing Law
• Make check law apply.
– E.g., UCC Articles 3 & 4, Regulation CC, Clearinghouse Rules,
Federal Reserve Operating Circulars, etc.
• Address gaps in the law.
– E.g., image format, image quality, returned items, duplicate items,
etc.
• Push back warranties, liabilities and risks.
– E.g., bank of first deposit warranties, Check 21 Act warranties and
indemnities
18. 3. Allocation of Liability
• Only responsible for performing the services set forth in
the agreement.
• Only liable for actual damages.
• Except as otherwise required by law, liable up to a
certain limit.
19. 4. Termination
• Customer may terminate with prior notice and Bank may
terminate immediately.
• Termination does not affect transactions in process.
• Retain ability to obtain funds from other customer
accounts.
• Customer should have contingency procedures in place.
20. 5. Handling and Record Retention
• Big issue for examiners.
• Must require that the customer securely store and
destroy original checks.
21. Additional Provisions
• Warranties, indemnification and dispute resolution
• Types of items that may be transmitted
• Documents RDC customers must provide to facilitate investigations
or resolve disputes
• Processes and procedures that customer must follow
• Periodic audits of the RDC process, including IT infrastructure
• Performance standards for the financial institution and customer
• Funds availability, collateral and collected funds requirements
• Authority of the financial institution to mandate internal controls,
customer’s location, audit of operations or request additional
information
22. RDC Risk Assessment Should Identify
• Risks to the security and confidentiality of nonpublic personal
information
• Changes in:
– Technology
– Sensitivity of customer information
– Internal or external threats to information
– Business arrangements.
• Risks associated with location may vary based on:
– In house deployment
– Type of Business
– Remote locations – Business or Home (Consumer)
– Domestic or International
• Difference depending on clearing items under either or both:
– Check 21
– ACH
23. RDC Has Impacts Throughout The Organization
Financial Institution
• Systems Impacted
– DDA, Float, Billing, Client Information Files, ACH, Returns, etc.
• Operations Impacted
– Check Processing, ACH, Research, Proof, etc.
– Business Continuity
• Business Divisions Impacted
– Sales, Support, Product Management, Risk,
and more
• Financials Impacted
– Fee Income
– Float
– Deposit Balances, Capital Base, Liquidity, Loans
• Products Impacted:
– DDA, Deposits, ACH, Online Banking, and more.
• RDC requires an organization-wide collaborative effort
• Deposit Products Product Management should lead.
[Figure labels: DDA, ACH, Risk, Security, Operations, Treasury, Technology]
24. Which Resources are Required?
Remote Deposit Capture
Implementation Stakeholders
Area
Senior Management Sponsor
Project Management Office (PMO)
Product Management
Cash Management Sales
IT ‐ Application Development
IT ‐ Infrastructure/Operations
IT – Security
Audit
HR/Training
Procurement/Vendor Management
Operations (ACH, Day1, Day 2, Lockbox)
Risk / Compliance
Finance & Treasury
3rd Parties
Source: Catalyst Consulting, RemoteDepositCapture.com
Deposits are the “lifeblood” of any
financial institution. RDC impacts almost
all areas within an FI.
25. Vendor Due Diligence and Suitability
• Deployment Options
– “In-House”
– “ASP / Hosted”
– View Webinar: Hosted vs. In-House Solutions
• Service Level Agreements
– Processing Timeliness, Bandwidth, Uptime
– Cutoffs, Reviews, Data Entry
– Help Desk Roles & Responsibilities
• Security, Accessibility & Reliability
– SAS 70 Type II Certification
– Issue Resolution, Reporting
– Process / System Monitoring & Confirmations
Financial institutions that rely on service providers for RDC activities should ensure
implementation of sound vendor management processes
26. Vendor Risk Management
• Selecting the “Right” Solution Provider
– Is RDC a Core Capability?
– Financial Stability
– Systemic Capabilities
– Strategic Fit for your organization
• Operational Risk Management
– Scalability, Reliability & Processing Bandwidth
– Online access to real-time reports
– Parameter-driven systems (item thresholds, etc.)
– Process & System Monitoring Capabilities
Financial institutions that rely on service providers for RDC activities
should ensure implementation of sound vendor management processes
27. Business Continuity & Disaster Recovery
The financial institution’s BCP & DR plans
should address:
• RDC systems and business processes, and the
testing activities
• Contingency plan development and testing should
be coordinated with customers using RDC.
28. Operational Risks
•Identify operational risks
• Access and Security of systems,
• Access and storage of original deposit items
• Location and security of electronic files
• Security and safekeeping of retained
nonpublic personal information
• Faulty equipment
• Inadequate procedures
• Inadequate training
• Document processing
• Poor image quality
• Inaccurate electronic data
Therefore, it is important to require customers to implement
appropriate document management procedures to ensure the
safety and integrity of deposited items from the time of receipt
until the time of destruction or other voiding.
29. Authentication & High Risk Transactions
Authentication system recommendations: multifactor
authentication, layered security, or other controls
reasonably calculated to mitigate risks.
• Elevated or New Risks in an RDC environment.
– Check alteration & Magnetic Ink Character Recognition (MICR) line
– Forged or missing endorsements
– Check security features
– Physical alteration of a deposited check – such as by “washing”
– Counterfeit items
– Duplicate presentment.
• Customer personnel
• Access by customers and their staffs to nonpublic personal information.
High-risk transactions involve access to customer information or the
movement of funds to other parties. The agencies consider transfer of
deposit transaction information to represent “the movement of funds to
other parties.”
30. Operational Risks - Lack of Control
Guidance
• Ineffective controls at the
customer location lead to:
• The intentional or unintentional
alteration of deposit item
information,
• Resubmission of an electronic
file,
• Re-deposit of physical items.
• Inadequate separation of duties
at customer location can afford
an individual:
• End-to-end access to the RDC
process
• The ability to alter logical and
physical information without
detection.
Control
• Identify and flag changes made to
scanned item or metadata (MICR,
CAR/LAR)
• Duplicate file detection
• Duplicate Item detection
• Franking, endorsement, audit trail
marking
• Administrative controls that assign,
track and report entitlements. E.g.
require separate person for account set
up and deposit review approval
• Dual control where appropriate
31. IT Security Risks
Guidance
• Internal networks
• External networks of service
providers & customers.
• Technology-related operational
risks include
– Failure to maintain compatible
and integrated IT systems
– Multiple release levels-
associated software or
hardware
– Failure to install an update or
patch
– Web application vulnerabilities,
– Authentication
– Lack of encryption at any point
in the process.
Control
• IT audit controls (existing)
• Vendor Risk Management
(existing)
• Customer audits and
certification
• Active monitoring of HW & SW
inventory
• Stringent change control
procedures
• IT security audits (existing)
• Layered authentication (BITS,
MFA)
• IT security audit (existing)
32. Examples of Existing Assessment Requirements
Interagency Guidelines Establishing Information Security Standards:
The Security Guidelines require a financial institution to design an information security
program to control the risks identified through its assessment, commensurate with the
sensitivity of the information and the complexity and scope of its activities
FFIEC IT Examination Handbook: Information Security Booklet:
Individual financial institutions and their service providers must maintain effective security
programs adequate for their operational complexity. These security programs must have
strong board and senior management level support, integration of security activities and
controls throughout the organization’s business processes, and clear accountability for
carrying out security responsibilities
Bank Secrecy Act / Anti-Money Laundering Examination Manual:
12 CFR 748 — “Security Program, Report of Crime and Catastrophic Act and Bank
Secrecy Act Compliance” Requires federally insured credit unions to maintain security
programs and comply with the BSA
33. Goal - Assess Once For Many
34. Risk Management: Mitigation and Controls
Management must complete and approve a comprehensive
risk assessment before (prior to) implementing an RDC
system and show:
• It can manage the risks associated with RDC
• Implement appropriate risk management policies
• It can effectively mitigate, measure, and monitor those
risks and establish:
– Risk tolerance levels,
– Internal procedures and controls,
– Risk transfer mechanisms where appropriate and available,
– Develop well-designed contracts
35. Customer Due Diligence and Suitability
• Risk Mitigation begins with Customer Selection
• Establish appropriate risk-based guidelines, e.g. BSA/AML
• Foreign correspondent accounts are subject to further due diligence
• For new and existing customers, a suitability review should include:
– Business activities
– Review of their risk management processes
– Location
– Their customer base - Review should be commensurate with the level of risk
– When the level of risk warrants, visits to the customer’s physical location should be
included to evaluate the following:
• Management, operational controls and
• Risk management practices,
• Staffing and the need for training and ongoing support,
• IT infrastructure
• Review available reports of independent audits
• When appropriate, risk self-assessments by the RDC customer may be
adequate
36. Mitigation and Control Considerations
• Separation of duties or other compensating controls
• Strong change control processes
• Deposit items can be endorsed, franked, or
otherwise noted as already processed.
• Insurance coverage may provide a cost
effective way to mitigate risk further.
These controls should be designed and implemented
to ensure the security and integrity of data
37. Risk Management: Measuring and Monitoring
The following elements must be addressed in a Risk Management and
Monitoring System:
• Risk measuring and monitoring systems – Internal, Partner and Customer
• Establish accurate & timely operational performance metrics
• Set operational benchmarks and standards,
• Regular reviews of the reports, scheduled periodic reviews and operational risk
assessments.
• Establish Reports to track, monitor and measure:
– Duplicate entries
– Violations of deposit thresholds.
– Velocity metrics, i.e., file size and number of files, transaction dollar value and
volume, and return item dollar value and volume
– Reject items and corrections.
– Reports should address point-in-time activities as well as trends for individual and/or
groups of customers with similar characteristics, and for the RDC product as a whole
• Report content should be structured to meet the needs of the various levels of
management.
38. Risk Management Process – A Planning and Mitigation Life Cycle
• Measure Results
– Establish Schedule, Standards and Measurement Criteria
– Automate as many as possible
– Establish a red, yellow and green system to identify risk exposure
– Audit – Internal, external and customer
• Monitor
– Policy
– Operations
– Security
– Procedures
• Report
– Frequency of Reports
– Frequency of Reviews
• Risk Planning
– Identify Risk Items and Categories
– Assign Risk Levels
• Assess Risk
– Customer Selection – Business, Tenure, Transaction History, Balances, Availability
– Legal Requirements
– Operations – IT, Networking, Vendor
– Security – Data, Identity, Network
• Mitigation Plans – Controls
– Policies
– People
– Processes
– Technology
39. Risk Reporting & Monitoring
• Establish Policies and procedures for RDC that include metrics for
reporting and risk tolerances for accounts:
– Account rules and limits
• Account Selection – Tenure, Transaction history, Balances, Type of Business
• Deposit limits – per day for review and analysis + per week or month
• Item amount ($) limits – Maximum per check
• Random review of deposits – For accuracy
– Monitoring and review of accounts (aka ACH) for duplicates, rejected
and returned items
– Monitor internal processes for separation of responsibilities:
administration for password, account setup, account access, deposit
review etc.
– Establish procedures for regular reporting of deposit history and to
identify patterns
– Periodic emails or letters to customers to remind them of their
responsibilities for: training, security, process, check retention,
endorsements, adequate safeguards for storage of checks and account
information
• Include RDC in audit process
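The reports named on slides 37 to 39 (duplicate entries, deposit-threshold violations, velocity metrics, a red/yellow/green status) and the duplicate file and item detection controls on slide 30 can be sketched as below. This is an added example, not part of the webinar: the limits, the MICR fields used to identify a check, the 80% yellow threshold and the sample deposits are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from hashlib import sha256

# Hypothetical limits; real values come from the institution's RDC policy.
MAX_ITEM_CENTS = 500_000      # maximum per check
MAX_DAILY_CENTS = 1_000_000   # deposit limit per customer per day
YELLOW_PCT = 80               # share of the daily limit that turns a day yellow

@dataclass(frozen=True)
class Item:
    routing: str              # MICR routing number
    account: str              # MICR account number
    serial: str               # MICR check serial number
    amount_cents: int         # integer cents, avoids float rounding
    returned: bool = False    # item later came back as a return

    @property
    def key(self):
        """Fields assumed here to identify one paper check."""
        return (self.routing, self.account, self.serial, self.amount_cents)

@dataclass(frozen=True)
class DepositFile:
    file_id: str
    customer: str
    day: str                  # ISO date of the deposit
    items: tuple              # tuple of Item

    def digest(self):
        """Hash item content only, so a resubmission under a new file_id still matches."""
        body = "|".join(",".join(map(str, i.key)) for i in self.items)
        return sha256(body.encode()).hexdigest()

def duplicate_files(files):
    """Return (first_file_id, repeat_file_id) for each resubmitted file."""
    seen, dups = {}, []
    for f in files:
        d = f.digest()
        if d in seen:
            dups.append((seen[d], f.file_id))
        else:
            seen[d] = f.file_id
    return dups

def duplicate_items(files):
    """Return (item_key, first_file_id, repeat_file_id) for each check seen again."""
    seen, dups = {}, []
    for f in files:
        for it in f.items:
            if it.key in seen:
                dups.append((it.key, seen[it.key], f.file_id))
            else:
                seen[it.key] = f.file_id
    return dups

def customer_day_metrics(files):
    """Velocity metrics per (customer, day) plus a red/yellow/green status."""
    m = defaultdict(lambda: {"files": 0, "items": 0, "cents": 0,
                             "returned_items": 0, "returned_cents": 0})
    for f in files:
        row = m[(f.customer, f.day)]
        row["files"] += 1
        for it in f.items:
            row["items"] += 1
            row["cents"] += it.amount_cents
            if it.returned:
                row["returned_items"] += 1
                row["returned_cents"] += it.amount_cents
    for row in m.values():
        over = row["cents"] > MAX_DAILY_CENTS
        near = row["cents"] * 100 >= MAX_DAILY_CENTS * YELLOW_PCT
        row["status"] = "red" if over else "yellow" if near else "green"
    return dict(m)

def threshold_violations(files):
    """Return (kind, customer, day, cents) for per-check and per-day limit breaches."""
    out = [("item", f.customer, f.day, it.amount_cents)
           for f in files for it in f.items if it.amount_cents > MAX_ITEM_CENTS]
    out += [("daily", cust, day, row["cents"])
            for (cust, day), row in sorted(customer_day_metrics(files).items())
            if row["status"] == "red"]
    return out

# Constructed sample data (not from the webinar): two customers, five files.
A, B = Item("000000011", "4001", "1001", 120_000), Item("000000011", "4001", "1002", 30_000)
C, D = Item("000000022", "5002", "1003", 650_000), Item("000000022", "5002", "2001", 400_000)
E, G = Item("000000011", "4001", "2002", 450_000), Item("000000011", "4001", "2004", 10_000)
F = Item("000000022", "5002", "2003", 300_000, returned=True)
FILES = [DepositFile("F1", "acme", "2009-02-02", (A, B)),
         DepositFile("F2", "acme", "2009-02-02", (C,)),
         DepositFile("F3", "acme", "2009-02-03", (A, B)),     # same content as F1
         DepositFile("F4", "bolt", "2009-02-02", (D, E, F)),
         DepositFile("F5", "bolt", "2009-02-03", (E, G))]     # E re-deposited

if __name__ == "__main__":
    print(duplicate_files(FILES), duplicate_items(FILES), threshold_violations(FILES))
```

Because a resubmitted file also repeats every item in it, the item-level report lists F3's checks as well as the single re-deposited check in F5.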
40. Risk Reporting and Monitoring Checklist Examples
Develop a Risk Audit Checklist – Example
Written RDC Policies and Procedures Document
Legal Agreements need periodic review
Account Selection rules and limits
Establish thresholds and limits for volume, velocity and value
Monitoring and review of accounts for duplicates, rejected
and returned items
Monitor internal, partner and customer processes:
• Security and Access
• Separation of responsibilities
• Establish procedures for regular reporting
• Deposit history and to identify patterns
• Periodic training, emails or letters to customers
RDC included in audit process (GRC) and customer visits/audit scheduled
as necessary
Frequency of Audit established
41. Risk Management
Key Risks
• KYC
• Duplicate Presentment
• Data Alteration
• Information Security – Paper & Electronic
• Fraud Detection
• Image Quality/Integrity
• Errors
Risk Management
• Insurance
• Duplicate Detection
• Data Encryption
• Information Security – Procedures & Technology
• Legal Liabilities Shifted
• Standards Evolving
• Availability Assignment
• Security Levels / Approvals
RDC & Related Technologies can provide better risk
management capabilities than were present in a paper-
based processing environment.
42. Conclusion
A financial institution offering RDC should have:
• Sound risk management and mitigation systems
• Require adequate risk management at customer locations.
• Prior to implementing RDC, and thereafter, management should:
– Periodically conduct a risk assessment to identify types and levels of risk
exposure.
• Comprehensive contracts and customer agreements should identify clearly
the roles, responsibilities, and liabilities.
• Appropriate technology and process controls at both the financial institution
and the customer locations
• Financial institution management and the customer should implement
effective risk measurement and monitoring systems.
• Insurance coverage should be considered as a risk transfer mechanism.
• RDC may not be appropriate for all customers or for all financial institutions.
• The board and senior management are ultimately responsible for safe
and sound operations, including RDC products and services.
44. Thank you to our Sponsors…
Fiserv Source Capture Optimization™
enables a common web platform for remote
deposit capture at the Consumer,
Merchant, Branch, Teller and ATM.
Ranked #1 Branch and Teller Capture Solution in the
industry (AITE, Dec 2008)
Visit www.sco.fiserv.com to learn more
call (800) 872-7882
email: victoria.lant@fiserv.com
45. Thank you to our Sponsors…
Digital Check is a leading technology provider of low-cost check scanners for the distributed
capture marketplace. Delivering reliable performance with superior MICR and image quality,
the TellerScan® and award-winning CheXpress® models TS215, TS230, TS4120, and CX30
are specifically designed to meet the needs of today’s branch and RDC users.
To learn more about Digital Check, the Secure Choice in Distributed Capture™, please visit
www.digitalcheck.com or call 888-838-5744.
46. For More Information:
• Hope Schall Contact Info
– Hschall@VedderPrice.com
– www.VedderPrice.com
• RemoteDepositCapture.com
– Ed.McLaughlin@RemoteDepositCapture.com
– John.Leekley@RemoteDepositCapture.com
• Additional Resources:
– Download a pdf of the FFIEC Guidance by clicking here.
– Download a pdf of RemoteDepositCapture.com’s Best Practices in RDC Risk
Management presentation by clicking here.
– Join The Discussion: Remote Deposit Capture Risk Management Best Practices,
Examples and More.
– View the Webinar: Best Practices in RDC Risk Management – A Financial
Institution Perspective.
– FFIEC Press Release Website