Risk Management Report Generator: Collaborative Partnerships for Analyzing, Simplifying, Comparing & Strategizing

1. Manage Your RiskUtilizing Collaborative Partnerships to analyze, simplify, compare & strategize

2. Agenda/Topics To Be Covered • Who’s Who • Information Security Program • Using the Risk Management Report Generator Web Site • Using Related Services for Overall Structure • What else is new for Auditing, Reporting & Compliance

3. Information Security ProgramAppendix A of Part 748, NCUA Rules, GLBA MUST: • Involve Board • Risk Assessment • Risk Management • Training • Testing • Service Provider Oversight • Adjustments

4. Board Involvement • Ultimate responsibility • Approved policies • Annual reports • Security committee • Breaches

5. Risk Assessment • Identify threats i.e. member data…disclosure and destruction • Assess potential damage • Policies sufficient to monitor and manage the risk

6. Risk Management • Protecting against the threats and mitigating risk • Monitoring systems • Dual control • Employee controls • Physical controls

7. Training • Recognizing the risk • Making it part of everyday process • Reporting unauthorized attempts • Federal and State Requirements, GLBA

8. Adjustments“you’re never done” • Reflect changes to technology • New threats • Business arrangements • Services and products

9. Response Programs • Assessment of access • Notification of regulatory authorities • Containment • Notification of members “All, specific, none”

10. Oversight of Third Party Providers • NCUA Letter 08-CU-09 • NCUA Letter 07-CU-13 • FFIEC • During the selection process • During the contract process • For on-going monitoring

11. WHEN DOES IT APPLY • Involves a new financial service activity • Materially affects revenues and expenses • Involves member data • Involves marketing of CU products by a third party • Involves subprime lending or card payment transactions • Poses risk that could significantly affect earnings or capital

12. What is the Risk Management Report Generator Site? • Your tool for evaluating third party relationships • Creating a community of responses • Serves as vault to store your reports and vital contract data • Allows you to complete your annual reviews • Follows NCUA guidelines as originally adopted in the letter to CU’s http://rmrg.cuanswers.com/

13. Activity for 2010 100 Users 160 Reports created 40 Vendors

14. Where are we at today • 122 Users • 296 Reports created • 288 Vendors

15. Vendors • Most Common Vendor types: • Insurance • Mortgage • Financial • Collection • Shredding services • Janitorial • Statement Providers

16. Feedback Easy to use. Good educational start with canned responses Excited to show examiners It’s Free!! Great single repository for all reports Improvements Email notification to renew report? Scanning contracts Credit Unions are saying…

17. What is coming • Review dates • Proliferating vendors outside of the cuasterisk network • Promoting additional responses • Audit Link Offerings • ACH • BSA • Audit Link Lite

18. Another Tool: Concentration Risk Analysis • Model for predicting concentration risk in investment portfolios • Includes Historical Loss Ratio and Credit Risk calculations • Portfolios will be shock tested based on potential economic impacts to the portfolio, and will also include tests based on portfolio growth • Clear and concise recommendations will be made based on test results • Sample policies are also available upon request

19. Sample Concentration Risk Analysis

20. Conclusion – You Should now know • Why is it important for me to use RMG Site? • Who do I contact if I have questions regarding the Risk Management Report Generator Site? • Who do I contact if I would like to participate in any of the other services highlighted today? • How much does it cost?

21. Linking the powers together is your key to success! • Jim Vilker- jvilker@cuanswers.com • Joe Spenski – jspenski@cuanswers.com • Patrick Sickels – psickels@cuanswers.com • 800-324-3478