• Home
• About Susan Orr
• Articles
• Speaking Events
• Documents & Resources
• Links
• Contact

Documents & Other Resources

Mobile Banking Security Best Practices Guidance

In the midst of high growth in mobile phone banking applications and an astounding global ubiquity of mobile devices, it is imperative to reinforce the security of mobile banking. Securing this new form of banking now is in investment in continued future consumer growth due to the well-known twin customer needs for convenience and security.

These international security best practices for mobile device banking are published by the ATM Industry Association, a global non-profit with over 1,200 members in 50 countries. A lifecycle approach has been adopted in developing these well-received security best practices to ensure there are no gaps in what to do to ensure a Trusted Environment for mobile phone banking.

Invest in mobile banking security. Study and follow these international best practices. Clients of Susan Orr receive a special 20% discount on each copy purchased, paying $160 instead of $200. To order your PDF copy here, fill out this simple form.

Remote Deposit Merchant Capture Templates

The FFIEC Risk Management for Remote Deposit Capture Guidance requires institutions to develop policies, procedures, and controls for the risk management of remote deposit capture operations. To assist you in developing your program and help ensure compliance with the guidance, Susan Orr Consulting, Ltd. has developed a set of templates and checklists that you can adapt to your specific requirements.

The complete package of Remote Deposit Capture documents includes tools and checklists to enable you to develop best practices for Remote Deposit Capture as well as meet the regulatory requirements of the FFIEC's latest guidance. Entire bundle of 11 customizable documents is $205.00 or individually priced.

Please contact Susan via email or by phone to order. In most cases the orders will be electronically delivered the same day.

RDC Onsite Visit Checklist
$35.00
FFIEC guidance states that an onsite visit should be performed whenever the risk rating of the customer warrants. Regulators will also accept a self certification that is completed by the merchant if the situation warrants especially when an onsite visit isn't feasible or for those businesses that would be exempt from an onsite visit by the institution.

Two documents are included, one is an Onsite Visit Checklist to be completed by the institution, the second is a self certification questionnaire for the merchant to complete and return to the institution inlieu of or in addition to an onsite visit. Both may be used as is or customized to meet the institutions internally developed audit criteria and or customers profile.

RDC Internal Policy Outline
$25.00
The institution must develop a policy to guide RDC operations. This outline is provided strictly as a guide in developing your internal policy. The policy must be unique to the financial institution's size, complexity, and RDC operations.

Items to be addressed in the policy may include a policy statement, applicable regulations, contract requirements, funds availability schedule, roles and responsibilities, risks, reporting requirements, and audit requirements.

While there are many fill in the blank, pre-populated templates available on the Internet, regulators caution that the policy must be unique to the institution's operations, size, complexity, and type of customers. Use this outline to develop your own unique policy, or compare it with a standardized template to ensure you cover all the areas recommended by best practices.

RDC Internal Procedures Outline
$25.00
This word document is to be used as a guide for developing internal procedures.

The outline covers many aspects of RDC operations; however, it is provided only as a guide. Your internal procedures will be more detailed and may address other activities other those provided in the outline.

Written procedures must be developed that are detailed enough to guide users in all phases of RDC.

RDC Risk Assessment Template
$25.00
This template is provided as a guide in developing the institutions risk assessment of RDC operations. RDC operations may be included in the institutions "enterprise-wide" information security risk assessment or assessed individually.

This document is provided as a guide, you may identify additional risk/threats during your analysis.

The form is pre-populated with a series of standard risks/threats that can be customized and expanded to meet the institution's unique profile. Performing a risk assessment on RDC is required for regulatory compliance and best practices.

Merchant Suitability Assessment Matrix
$25.00
This word document provides a guide for developing a merchant suitability matrix that can be used as is or customized by the bank.

The form is pre-populated with standard questions that should be considered when evaluating the suitability of potential RDC customer. You may also customize the form to meet your own specific requirements.

Regulators and best practices require that institutions perform a thorough review of a prospective customer to ensure the proper fit for remote deposit capture services.

The document also contains an example of high, medium, and low risk merchants.

Annual Customer Risk Analysis
$25.00
This word document provides an example of a customizable matrix that can be used to perform an annual analysis and/or provide a monitoring guide for customers currently using RDC.

The full document contains a listing of criteria as well as criteria if the form is used for evaluating new customers as well. Regulatory requirements and best practices both emphasize the need for proper credit analysis on new and existing customers.

Merchant Security Recommendations
$25.00
Chances are your customer has no idea what needs to be done to securely implemented and conduct RDC operations. Security for the computer and the physical documents is imperative.

This document can be customized by you or used as is to provide guidance to the customer on securely deploying RDC. Use this document as part of your training program for your customers. Regulators are looking to you to provide guidance and training regarding RDC.

The content of the document has been derived from best practices and the Payment Card Industry Data Security Standards.

Merchant Incident Response Policy Outline
$25.00
This word form provides an outline and guidance for directing your customer's in developing an incident response plan for their RDC operations. The form can customized by you and your customer so it is unique to their operations and specific plan.

Being prepared for responding to an incident or breach in security is just as important for your customer as it is for you and chances are your customers are unprepared to develop such a plan. Add this to your list of training documents you provide to your customer.

Merchant Continuity Plan Outline
$15.00
This document provides an outline for your customer to guide them in developing their own continuity plan for RDC operations, or you could customize it for them and provide as part of your training package.

The document is only an outline as the actual plan needs to be unique to the customers operations.

RDC Checklist Template
$25.00
This example is provide to help you get started in developing your own unique set of processes and ensure that all the steps are completed from evaluating merchant suitability through ensuring employee and customer education.

This word format can be used as is and just add any additional steps you require.

The Susan Orr Consulting Remote Deposit Capture App manages ongoing monitoring of risk of the institutions remote deposit product by providing a strong start-up kit, automating merchant approval process, and detailed ongoing risk management process. The Remote Deposit Capture App automates the new merchant process step-by-step: from application, suitability, underwriting, approval, through set-up. The App includes all the required forms.

Vendor Management Program Templates

The FFIEC agencies require financial institutions to develop a written program to manage their outsourced relationships beginning with an assessment to determine the need for the product or service and alignment with the business objectives of the institution. Following the needs assessment phase, institutions are expected to conduct due diligence on the vendor/provider. This due diligence should also be repeated in the form of an annual evaluation of the vendor/provider and service as part of the ongoing monitoring and oversight of the relationship. Another key element of the vendor management program is to conduct a risk assessment of all third party relationships on an annual basis. To guide the process of management these relationships, institutions must also develop a policy and establish procedures to ensure a consistent, repeatable process.

To assist you in developing your vendor management program, Susan Orr Consulting, Ltd. Has developed a set of templates that can be adapted to fit your specific requirements.

The entire bundle of 5 customizable documents may be purchased from Susan Orr Consulting, Ltd. For a nominal fee of $140.00, or the documents may be purchased individually.

Please contact Susan via email or by phone to order. In most cases the orders will be electronically delivered the same day.

Vendor Management Risk Assessment and Contract Review
$50.00
This excel spreadsheet is provided to assist you in completing your vendor risk assessment and contract review. The document consists of two worksheets: risk assessment and contract review.

Both worksheets are pre-populated with a series of items that should be addressed in your assessment and contract review. These documents are extensive and may be used as is or if you have need can be customized.

Needs Assessment Form with Risk Rating
$25.00
This form is a pre-populated comprehensive Word document that will guide you through the request for services and a needs assessment. A risk assessment guide is also provided to assist you in establishing a “pre-assessment” of the provider or product to further help you in your decision making process.

This document can be used as is or customized to meet your needs.

Vendor Management Policy Outline
$25.00
This Word document provides an outline and examples to assist you in developing your program policy. This document takes you through each requirement of a comprehensive policy. While it is not a true “fill in the blank” template, examples for each section are provided to guide you in creating your own unique policy.

Vendor Due Diligence Checklist
$25.00
This Word document is pre-populated with a set of questions to guide you in your initial due diligence of a vendor/provider and/or service. While a series of questions are provided, the form may be customized for your institution needs or to fit an individual situation. The checklist is provided as a guide to get you started, but can be used as is.

Annual Vendor Review Checklist
$25.00
This pre-populate Word document will assist you in addressing your annual vendor review and can be used as a supplement to your vendor risk assessment. The document will guide you in the annual oversight process and ensure you are receiving and reviewing all the required documents such as an independent audit, business continuity plan, incident response plan, and other performance and security related documents. The checklist design is such that one form is to be completed for each vendor and has a comments section where you can tract issues or record any specific comments relating to the item being reviewed.

As with the other documents, this checklist can be used as is or customized for your unique requirements.