SERVICES
Strategic Technology Plan – Development of a formal strategic technology plan documenting Bank technology goals in support of its business goals. Includes a survey of bank employees, trends analysis, and a review of best practices in banking. Aligns the bank’s people, processes, and technology to achieve maximum performance.
Technology Assessments – An assessment of the Bank’s operations and technology designed to improve utilization, efficiency, and profitability. Major technology services provider contracts and relationships are reviewed. Emphasis is placed on the customer experience and frictionless operations.
Employee Tech Survey – Typically performed in conjunction with the Strategic Technology Plan, we survey your employees regarding the bank’s use of technology, customer service issues, and tech support. Employees respond anonymously which contributes to the integrity of the survey and the information gathered, much of which can be valuable to the strategic technology planning process.
Strategic Technology Planning Session with Bank Management – We facilitate a session that helps all stakeholders get on the same page, in the same room, to discuss the bank’s use of technology and how it supports the bank’s business goals. The bank’s Strategic Technology Plan is developed live as the day progresses. Includes an overview of the latest tech trends, review of the bank’s current operation, tech planning considerations, and tech planning goals.
System Selection – Consultation regarding any Bank system selection, including Requests for Proposals (RFPs), investment analyses, and vendor profiles.
CEO Tech Advisory – Trusted and independent advice, in plain English, to the bank’s CEO regarding the bank’s use of technology, personnel performance, and vendor value.
Board Education – Informative and educational presentations to the bank’s directorate on a variety of technology, cybersecurity, and risk management issues. Complex issues are presented in layman’s terms with real-world examples instead of hyperbole. Delivered with the business of banking and high performance in mind.
Customer Education – Entertaining and informative programs designed to help the bank’s customers better understand the bank’s role in using technology to deliver bank services in a safe and sound manner. Educates customers on what they can do to mitigate the risk of Corporate Account Takeover (CATO) incidents and helps promote awareness of how customers can collaborate with the bank to improve their operations.
IT Personnel Coaching – Expert coaching of the bank’s IT personnel to help them understand that the bank is a for-profit business and that technology is a means to an end (a tool) to help the bank perform at a high level while delivering outstanding customer service in an efficient manner. We cover the best practices in bank technology and operations, giving your people the knowledge to succeed.
Contract Review – A review of the bank’s technology contracts to determine notification requirements, terms, and possible price breaks. The goal is to determine if the bank has the best possible vendor relationships and is paying a fair price for the value received. We apply our extensive knowledge of the technology services providers (TSPs) in the banking industry to help the bank secure the best possible arrangements with its providers.
Organizational Review – A review of the bank’s operations and technology organizational structure to determine if the people, processes, and technology are aligned for high performance.
M&A Tech Due Diligence – We assist the acquiring bank in determining the acquired bank’s technology service provider (TSP) relationships, related contracts, costs to terminate such contracts, and the path to converting the acquired bank to the acquiring bank’s systems. Potential pitfalls are examined and highlighted for consideration.
Conversion Management – Project management services to help your bank execute a core processing conversion successfully. We coach your team through this often difficult and arduous process and we hold your vendors accountable for performing at the level you expect. Our goal is to help you convert systems with little negative impact to customers or the bank.
Operational Efficiency Reviews – An analysis of Bank operations to identify cost-saving and revenue-generating opportunities.
Technology Provider Oversight – Documentation of contracts, confidentiality agreements, vendor financials, and technology provider performance.
Speaking Engagements – Access to nationally recognized speakers on the Sawyers & Jacobs team who can deliver customized presentations to your bank or industry group. We offer special consideration to our clients and design seminars and conferences for your employees or customers.
RedTorch Academy-Cybersecurity Board Training – Informative and educational presentations to the bank’s directorate on a variety of technology, cybersecurity, and risk management issues. Complex issues are presented in layman’s terms with real-world examples instead of hyperbole. Delivered with the business of banking and high performance in mind.
RedTorch Academy-Security Awareness Education – Annual Security Awareness Education is required by the Gramm-Leach-Bliley Act (GLBA) as part of a bank’s efforts to safeguard customer information. Such education is also imperative to preserving a bank’s reputation and customer trust.
To maintain compliance with federal and state banking laws, regulations, and guidelines, this online, on-demand, Security Awareness Education session will allow bank employees to view the session on a smartphone, tablet, laptop, or desktop computer. The session allows one to pause and play, setting the pace as desired.
RedTorch Academy-Information Security Officer (ISO) Training – Based upon our live presentation, which is familiar to many bankers across the nation, Sawyers & Jacobs has developed an excellent six-module on-demand training program specifically for Information Security Officers. Whether you are a new ISO or a seasoned veteran ISO, the information security landscape shifts daily, requiring continuous education and constant diligence. Staying on top of the latest trends, practical approaches, and regulatory expectations can be daunting. Let the Sawyers & Jacobs team make your life “ISO-easier” through these entertaining and informative sessions.
Cybersecurity Risk Assessment – Using our customized, proven cybersecurity risk assessment model as part of our RiskRaptor™ system, we help your bank establish its cybersecurity risk appetite and cybersecurity profile while identifying threats and trends, assessing your bank’s specific cybersecurity risk, and offering suggested mitigating controls designed to reduce risk. The Cybersecurity Risk Assessment culminates in a color-coded, comprehensive, practical summary of the bank’s cybersecurity risk. An executive summary is provided for board reporting and examiner presentation.
Enterprise Risk Assessment (ERA) – Using our proven Enterprise Risk Assessment models, we facilitate a high-level, enterprise-wide assessment of your bank’s risk in 14 bank-specific areas. Color-coded and easy to interpret, our ERA is designed to help bank management and the board of directors manage risk within the bank’s risk appetite and navigate a rapidly changing marketplace.
Enterprise Risk Management (ERM) – We offer quarterly reporting and monitoring of the bank’s financial performance to round out an Enterprise Risk Management (ERM) program. Through our alliance with our friends at Seifried & Brew LLC, we offer a practical, community bank-oriented approach to ERM. Schedule a free consultation and receive a copy of our book, The Art of Enterprise Risk Management for Community Banks.
Gramm-Leach-Bliley Act (GLBA) Information Security Risk Assessment – A color-coded, quantitative risk assessment of the bank’s information security in accordance with the GLBA. We ask the right questions and identify the threats that will help your bank reduce risk and establish prudent information security safeguards. Board reporting and consultation is provided.
Information Security Program Updates – Pursuant to Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), all banks are required to have an Information Security Program that is reviewed and approved by the board of directors each year. This program complements the GLBA Information Security Risk Assessment and is an important component in the bank’s GLBA compliance efforts. We help the bank by providing suggested content, updates based on recent trends and requirements, and expert advice on information security safeguards.
Information Technology Risk Assessment – A color-coded, quantitative risk assessment of key IT business functions and controls designed to rank IT risks from highest to lowest. Serves as a useful heat map and helps determine the scope of IT audits. Included in our IT Review/Audit service.
Electronic Banking & Online Services Risk Assessment – A risk assessment of the bank’s online and electronic banking services in accordance with regulatory guidelines on such services and related controls such as multifactor authentication. Serves to identify and mitigate risk in this critical area.
Cloud Computing Risk Assessment – The risk assessment is designed to identify and measure risk regarding cloud computing services and establish mitigating controls designed to reduce risk.
Mobile Banking Risk Assessment – A threat-based risk assessment designed to assess the risk of mobile banking services.
Remote Deposit Capture (RDC) Risk Assessment – A risk assessment per the January 2009 regulatory guidelines for Remote Deposit Capture (RDC). Identifies the latest threats to RDC process and systems.
Identity Theft Red Flags Risk Assessment – This required risk assessment, per the FACT Act, assists the bank with identifying covered accounts maintained by the bank, recognizing “Red Flags” which should trigger the bank’s ID Theft Prevention Program, and documenting controls the bank has implemented to respond to “Red Flags.”
Vendor Management Risk Assessment – A detailed risk assessment that aids bank management with classifying vendors based on criticality. This user-friendly risk assessment contains detailed questions that inquire about the bank’s vendors. Once the questions are answered, the risk assessment assists bank management in identifying vendors who may pose a higher risk to the bank’s environment. The risk assessment meets current regulatory guidelines.
RiskRaptor™ Vendor Management Program – This 14-Point Vendor Management Program provides oversight of the Bank’s critical vendors in accordance with current banking laws, regulations, and guidelines. The program allows Bank management to establish sound business practices regarding vendor evaluation, selection, and management.
Social Media Risk Assessment – A color-coded, quantitative risk assessment of threats related to the bank’s use of social media (e.g., Facebook, Twitter, YouTube, LinkedIn).
Bank Secrecy Act Risk Assessment – Designed to identify and measure risk in the four key areas (i.e., products, services, customers, and geographic locations) in accordance with Bank Secrecy Act guidelines for assessing program risk.
BSA Board Education – A customized session on BSA compliance and trends, designed for the Bank’s board of directors and to satisfy this annual requirement.
Regulatory Support – Support and consultation regarding IT examination prep, coordination, exit meeting, and response. We will represent your bank in board meetings with examiners and help translate regulatory requirements in the cybersecurity and technology areas while understanding that the bank is a for-profit entity.
IT Exam Prep – We help your bank prepare for its next IT exam by coaching your people on regulatory hot buttons and helping them prepare your documentation for examiner review. We also provide ongoing consultation regarding regulatory issues related to cybersecurity and technology.
Internal Audit Outsourcing – When specialized knowledge or expertise is required, selected internal audit functions can be outsourced to our firm. We observe regulatory guidelines regarding the outsourcing of internal audit and we complement your internal auditors, providing coaching and training designed to help improve the internal audit function.
Business Continuity Plan – Review or development of a bank-wide Business Continuity Plan designed to address natural, technical, and human-caused disasters.
Tabletop Testing – We use our proven model to facilitate a review of multiple disaster scenarios, the bank’s preventive measures, and action plans for each disaster event.
Disaster Recovery Testing – Consultation regarding disaster recovery testing and documentation per industry guidelines.
Business Continuity Plan Risk Assessment – A color-coded, quantitative risk assessment of multiple disaster scenarios to determine the most likely and highest risk disasters.
Physical & Environmental Security – A review of the Bank’s physical and environmental security designed to strengthen the Bank’s protective measures and safeguards.
Business Impact Analysis – An analysis of key business functions, related timeframes for recovery, and financial impact. This process documents the Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO), and Financial Impact of each disrupted business function.
Internal Controls Risk Assessment – A risk assessment to assist with the bank’s internal audit planning. The risk assessment process includes identifying key audit areas and determining each area’s risk. This information helps the bank’s internal audit department with audit plan development, audit scheduling, and allocating resources effectively.
Protect the Pack
AlphaWolf Scanner™ – Ongoing, independent, internal vulnerability scans across all devices on the Bank’s network. Service includes tracking vulnerabilities that will illuminate patch management effectiveness, identify device misconfigurations, and expose default or easily guessed passwords. Formal monthly reporting suitable for board presentation is provided. On-demand scanning and additional consultation available upon request. Satisfies current regulatory requirements to perform vulnerability scans of all bank devices on a frequent basis. This service complements our full suite of cybersecurity consulting services including our annual cybersecurity assessment, IT Audit, and related risk assessments, all of which enhance the Bank’s cybersecurity preparedness.
Cybersecurity Assessments – A review of the Bank’s network security posture in accordance with industry best practices. Includes penetration testing, social engineering, and vulnerability scanning. Designed to offer helpful and practical advice to bank management and technical staff. Our team understands the business of banking, the regulatory environment, bank technology service providers, and the most current cybersecurity threats. We apply real-world experience to help the bank mitigate cybersecurity risk in a rapidly changing world where cybercriminals are attacking banks on a 24/7 basis.
IT Audits – A review of IT controls in accordance with the Federal Financial Institutions Examination Council’s (FFIEC’s) guidelines and industry best practices. We apply our banking experience to help bank management address the controls necessary to maintain a safe and sound banking operation while complying with applicable laws, regulations, and guidelines, yet competing effectively in an increasingly open and interconnected world.
Penetration Testing – Testing the bank’s network security by attempting to safely exploit vulnerabilities and offering recommendations for remediation.
Social Engineering – Using social interaction with bank employees to determine their vulnerability to hackers, intruders, and con artists. We use a variety of sophisticated, professional, and non-intrusive methods to determine your bank’s susceptibility to such ploys.
External Vulnerability Scanning (one-time) – Assessing the bank’s network perimeter for known security vulnerabilities which could be exploited by hackers. Detailed reporting is provided. A snapshot in time and a one-time scan. Monthly scanning is also available.
External Vulnerability Scanning (monthly) – Assessing the bank’s network perimeter for known security vulnerabilities which could be exploited by hackers. A monthly service with full-featured reporting.
Internal Vulnerability Scanning (one-time) – Assessing the bank’s internal systems for known security vulnerabilities, which could be exploited by hackers, and missing patches, which should be applied to remedy such vulnerabilities.
Phishing Tests (one-time) – Included in a full-scope Cybersecurity Assessment. Professionally delivered spear phishing tests designed to test the effectiveness of your bank’s security awareness education efforts and teach your employees how to identify and respond to security threats.
Phishing Tests (monthly) – Professionally delivered spear phishing tests delivered monthly and designed to test the effectiveness of your bank’s security awareness education efforts. Results are useful in teaching your employees how to identify and respond to security threats.
Website Vulnerability Assessments – We review your bank’s website for vulnerabilities that could be exploited by hackers to disable, vandalize, or alter your website and its content.
Backup Assessment – An assessment to determine what data is being backed up and what gaps exist that might endanger the bank’s recovery capability.
Cybersecurity Risk Assessments – Using our customized, proven cybersecurity risk assessment model as part of our RiskRaptor™ system, we help your bank establish its cybersecurity risk appetite and cybersecurity profile while identifying threats and trends, assessing your bank’s specific cybersecurity risk, and offering suggested mitigating controls designed to reduce risk. The Cybersecurity Risk Assessment culminates in a color-coded, comprehensive, practical summary of the bank’s cybersecurity risk. An executive summary is provided for board reporting and examiner presentation.
Security Awareness Training – A self-paced presentation that educates bank employees regarding security do’s and don’ts and compliance with bank security policies. Presented in layman’s terms and designed to help your employees do the right thing when they encounter security threats. The training is accompanied by a test designed to reinforce what was learned in the one-hour security awareness presentation.
Cybersecurity Education for Board Members – An informative and educational presentation to the bank’s directorate on one of the most important topics in banking … cybersecurity. Complex issues are presented in layman’s terms with real-world examples instead of hyperbole and sensationalism. Because we teach cybersecurity classes at banking schools, industry conferences, and universities, we are uniquely qualified to deliver this important education to your board of directors.
Cybersecurity Education for Customers – Entertaining and informative programs designed to help customers better understand the bank’s role in using technology to deliver bank services in a safe and sound manner. Educates customers on what they can do to mitigate the risk of Corporate Account Takeover (CATO) and other cybersecurity incidents. Helps promote awareness of how customers can collaborate with the bank to improve their operations. Delivered online or live. Excellent opportunity for community outreach.
Network Design & Installation – Determining network specifications, designing, and installing the bank’s network and/or related components.
Network Health/Performance Assessment – A review of your bank’s network to assess its health and performance and to provide an early warning of possible disruptions and system failures. Maintaining a network to operate at an acceptable level is akin to one eating right and exercising to avoid a heart attack. Let us give your network the checkup it needs to give bank management confidence that applications will be available and responsive so the business of banking can flow unimpeded.
Tech Support – Expert tech support delivered in a professional, friendly, and responsive manner. We work closely with your IT personnel to help them keep the bank running smoothly with no disruptions or downtime. Our consultants have the advantage of working in numerous banks where we see what works and what doesn’t; which vendors perform as billed and which ones fail on a regular basis; and how the complex components of a bank’s network work together to help the bank perform at a high level.
Server Virtualization Project – Applying the efficiencies and cost-savings of server virtualization on selected bank servers.
Wireless Network Design & Installation – Determining wireless network specifications, designing, and installing the bank’s wireless network and/or related components.
Outlook/Exchange Support – Consultation regarding onsite or hosted (Office 365) Outlook/Exchange configuration, administration, change management, and user support.
Desktop Support – Helping users with desktop issues ranging from operating system support to internet access.
Server Support – Technical assistance with the bank’s application servers ranging from patch management issues to general performance and troubleshooting.
Application Support – Consultation regarding user applications ranging from Microsoft Office to bank-specific solutions.
Infrastructure Support – Support and documentation of the bank’s network infrastructure designed to help bank management use the right hardware, software, and applications to maintain an efficient operation where employees are productive and customers are satisfied.
Backup Assessment – An assessment to determine what data is being backed up and what gaps exist that might endanger the Bank’s recovery capability.
Disaster Recovery Plans and Testing – We can help bank management mitigate the risk of excessive downtime as the result of a disaster event. By planning for selected events and testing the bank’s recovery capabilities, we can provide the peace of mind that bank systems can be restored quickly, meeting the bank’s recovery time objectives, recovery point objectives, and maximum allowable downtimes.
Conversion Management – Mergers and acquisitions can present challenges when attempting to combine two different bank networks. We are experienced in such conversions and can help bank management navigate this difficult process. We can work alongside your people to guide the bank to increased efficiency and high performance.
Project Management – It is easy to start technology projects but it is difficult to finish them. Many banks suffer from partially or improperly installed systems or systems that were purchased and never installed. Let us help you manage your bank’s technology projects and complete them successfully and completely with desired results.
Ready for a Proposal?
Thank you for considering Sawyers & Jacobs LLC as your trusted advisors. Contact us today to discuss your specific requirements.