informational web site puts your financial institution at risk for fraudulent and criminal acts.
Insurance carriers specializing in depository institutions ask that you complete questionnaires as part of the underwriting process. These questions come from the insurance company’s loss history and are intended to help the company and you determine where there may be exposure.
IT auditors and consultants also bring up various issues to help with risk management. There are many questions you can ask yourself and your staff to determine if there are any gaps in your loss control program. The following are just a few questions to include in a self-assessment tool. More procedures and controls are available upon request, along with examples of losses.
• If the website links by any means to any other website, has permission been granted or a link license been obtained?
• Does someone regularly review activity on social media?
• Are logical access controls (user IDs and passwords) in place to allow only authorized employees to access the network? Are the passwords changed every 120 days?
• Is the content of the website reviewed to ensure mandatory legal disclosures and relevant regulatory and compliance issues have been adequately addressed?
• Has the internet banking strategic/business plan been reviewed and approved by the board of directors annually?
• Has the Disaster Recovery Plan been modified to include Internet banking and other electronic activities?
• Have the internal and external audit programs been updated to specifically address internet banking and electronic activities?
• Do employees have remote access to the bank’s computer system(s)?
• Is software used to manage or monitor employee e-mail content, file downloads, or unsolicited e-mail (SPAM) activities?
• Has publicly obtainable information such as date of birth, social security number, mother’s maiden name, etc. been removed from the list of authentication options?
• Are exception reports generated and reviewed on a daily basis, which would reveal: (1) restricted transactions; (2) correcting and reversing entries; and (3) unsuccessful attempts to access the system or restricted information?
ABOUT THE AUTHOR
Diana Poquette is with UNICO Group, Inc. She can be reached at 402-499-1011 or firstname.lastname@example.org
NOVEMBER-DECEMBER 2018 WWW.CBAK.CO
Image © utah778/iStock