A low-tech armed robbery prompted a Houston credit union to deploy some high-tech policy monitoring to help prevent future such occurrences while keeping within the limits of the law itself.
First Service CU responded to the June 2009 holdup by deploying an automated compliance package designed to guarantee that controls such as alarm testing and inventory of bait money are in place at each of the credit union's 10 locations around Harris County.
"Together with our senior vice president of IT, I worked on a credit union-wide assessment of our security and compliance policies, which showed a definite need for FSCU to automate procedures, organize our control policies and create consistency among all branches," said Sid Zahn, vice president of compliance and internal audit at the Texas credit union.
The solution they chose is being delivered as software-as-a-service from Continuity Control in New Haven, Conn., and is one of 37 choices in the "control apps" list in the company's store at its website at www.continuity.net, covering categories such as accounting and finance, human resources, lending, operations, human resources and information technology as well as compliance.
The apps are regularly updated as compliance rules change and input comes in from the company's customers and partners, and Zahn said he simply inputs e-mail addresses of branch managers and other key employees to distribute and track compliance tasks without requiring the help of IT staff.
"Now everyone is on track, on the same page and moving forward. The system makes it easy for everyone to work as a team," Zahn said.
Teamwork takes place back at company headquarters, too, said Andy Greenawalt, the former CEO and founder of ePerimeter Security who led the creation of Continuity Control in 2008.
He said a dozen different partners are now building the applications for the Control Apps platform. "We're really creating a marketplace for these control packs, if you will, that all look and work the same," Greenawalt said. "There's no learning curve. If you can use one, you can use them all."
The applications are delivered for a fixed subscriptio
n price, some starting as low as $99 a month, the company said. They eliminate the uncertainty of consultants or training solutions, the company said, although it also offers the personal help of its "compliance directors."
Consultants also played a role in creating the apps, including Troy Evans, the bank robber turned branch security expert and motivational speaker who helped with the physical security application.
"We go to the best experts possible and let them define what needs to be in those policies and procedures," Greenawalt said. Continuity Control also maintains a compliance operations center in charge of updates, he said.
"As guidance comes down from NCUA and other parties and we learn of things through the examination process, we update our apps continuously," Greenawalt said. "Just one example is on the banking side of things, where we saw guidance last Wednesday at 9 a.m. on the handling of hard drives within copiers and fax machines. We issued our update by noon."
Continuity Control is focusing on credit unions and community banks, institutions engaged in the fight against fraud but "which don't have the wherewithal typically to keep up with all the different things they have to do now," Greenawalt said.
He pointed to Bank of America as an example of scale. "Here's a bank with $2.3 trillion in assets. A new requirement from FFIEC might cost them, let's say, $10,000. That's nothing to them. But to a $10 million credit union, that's a massive impact."
Mickey Goldwasser, who was at the time senior vice president of marketing, added, "We hear over and over again, just tell me what I need to do and help me through it. That's exactly what we're doing with these apps. And we guarantee that the responsibility for keeping up with each of these changes is borne by us. We attack the problems of compliance with technology."