Technology has been a boon for financial institutions, but it comes with challenges. One of those challenges is mitigating the risk of fraud and protecting the financial assets of customers in the custody of the bank.
In response, our firm has developed a menu of services for our bank clients that includes:
- Information security risk assessment
- IT general controls review
- Network security assessments
- Electronic banking review
- Remote deposit capture
- GLBA compliance
- Red flag compliance
- PCI DSS compliance
Information security risk assessment
Our industry-based risk assessment methodology will help you prioritize your risks so that you can put the right internal controls in place and build an efficient information security program. You can rely on our documented approach. It will provide auditors and regulators proof that you have analyzed risk and developed a multi-year IT audit plan to assure the controls are implemented.
IT general controls review
The methodology that our IT security professionals use for the review of your IT general controls follows the guidelines of COSO, AICPA, COBIT, and other industry standards like ITIL and ISO. It also takes into account various regulatory requirements from the Federal Financial Institutions Examination Council (FFIEC), the Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley. It is a good first step in responding to heightened concern for safety from bank regulators and examiners.
Network security review
Our information security team understands the threats that most financial institutions face, but they will take the time to understand your institution and the specific threats it faces. Our information security specialists will then simulate various threat scenarios based on that understanding. These scenarios can range from an external party with no knowledge of your environment to a knowledgeable insider. Using traditional "hacker" attacks, our security assurance specialists will identify specific targets and launch controlled exploits against existing security controls. Their assessments can include external penetration testing, internal network security assessments, web application security, and more targeted reviews such as social engineering tests and wireless security assessments.
Electronic banking review
With the popularity of Internet and mobile banking, you are probably looking for ways to enhance and expand your services. With each change, however, comes the need to re-examine your controls to protect your customers’ money and information as well as your institution’s reputation. Our team will take a multi-layered approach when reviewing your security, providing you with a high level of confidence.
Remote deposit capture (RDC)
Remote deposit opens up markets, but it has to be handled with care. If you are making a decision on whether to set up merchant or branch capture solutions, our information security experts have the experience to help you make that decision. If you are using RDC, they can help you ensure the safety of your system.
Privacy reviews (GLBA, Red Flags)
Bank examiners are emphasizing a proactive approach to privacy protection. Our security assurance team can help you respond by making sure you have a security management process in place to protect against unauthorized access, use, disclosure, or modification of customer records.
PCI DSS compliance
The Payment Card Industry (PCI) requires any organization that stores, processes or transmits credit card data to comply with its Data Security Standard (DSS). Plante & Moran is a PCI Approved Scanning Vendor (ASV) and our team can help you through the 12 PCI DSS requirements, quarterly vulnerability scans and penetration testing.
To keep your bank in compliance, protect the confidentiality and integrity of your data, and make sure it is available when needed, you can depend on our information security specialists.