COLUMBIA, S.C. – Crumbled infrastructure and biological warfare, disrupted travel plans and a reeling economy – the aftershocks of the Sept. 11 terror attacks reverberated quickly across the credit union data processing community, like everywhere else. A year later, in a development less dramatic but perhaps more systemic, many processors now say their clients are paying closer attention to the now not-so-routine paperwork of the profession – things like SAS70 audits of the processes and policies at companies the nation's credit unions rely on to crunch their crucial numbers around the clock. "Those reports have been of much greater interest to our client base since 9/11," says Greg Smith, vice president at Enhanced Software Products (www.esp-svision.com) in Spokane, Wash., which provides core processing services to about 60 credit unions ranging up to $700 million in assets. Their concern, of course, is how to keep operating if the unimaginable happens. And what that could be has expanded greatly in the past year. That list includes, inconceivably until that day, a direct hit by a hijacked airliner. XCEL Federal Credit Union, located in the Twin Towers, found that out, and so did its core processor, XP Systems. From its base 3,000 miles away in suburban Los Angeles, the veteran core processor (www.xpsystems.com) for about 300 credit unions nationwide was called on to help its client continue serving its panic- and grief-stricken members. Because its main system was located in nearby New Jersey, the credit union's transaction operations were basically unaffected and XP Systems was able to continue with an ongoing installation of a shared branch network, a process that despite the aftermath of the attacks was completed within a couple weeks. And while the industry's mettle and software has been sorely tested in the past year, the biggest change has perhaps been in priorities and pace, some say. Changing Priorities? "The disaster has not significantly altered product development underway," says John Edwards, senior vice president of product development at XP Systems. "We do see a shift in the priority credit unions have when they come to us for a new system," he says. "For instance, the ability to maintain fail-safe systems through data redundancy has moved higher on the list. "This and other disaster-recovery services has always been key in our industry. New capabilities we are bringing to market are as much due to new technology as to 9/11." John Schooler shares that observation, but the senior vice president and CTO at USERS Inc. (www.users.com) says there were still some lessons suddenly learned that day and in the days after; for instance, how to help a USERS client whose headquarters had to be temporarily abandoned because of an anthrax scare. "Events of this nature have caused USERS, our clients and the entire credit union industry to rethink the concept of business recovery and the notion of what constitutes a `disaster,' " says Schooler, whose firm serves 330 clients from its base in Valley Forge, Pa. " Traditionally, the term has implied events like fires, floods, earthquakes and hurricanes. Now, we all recognize the presence of very different threats that have the potential to render a credit union's systems, sites or personnel unavailable," Schooler says. "We also recognize the very real possibility of a disaster affecting many credit unions at the same time and not necessarily in the same geographic area," he says. Smith at ESP sees the industry responding in a variety of ways – such as his company securing arrangements with equipment suppliers "to be deliverable to us ahead of the general market" and renewed client interest in service bureau as opposed to in-house deployment. He also sees the credit union industry displaying a renewed unity that reflects a changed business culture nationally. "There seems to be a greater sense among credit unions that they're a global community. We see a larger number of discussion among credit unions how they could assist each other in case of a major disaster," Smith says. "These alliances are becoming part of many credit unions' disaster-recovery plans," he says. Schooler, meanwhile, sees credit unions also getting back to the basics as they face a flood of new share deposits fleeing the stock market and generally coming under increasing pressure to bolster the bottom line. "In this environment, it's not surprising to find credit unions moving away from `gee-whiz' technologies that once dominated the headlines, resulting in a precipitous drop in the demand for bleeding-edge technologies like account aggregation and wireless banking," says Schooler. "Instead, credit unions are focusing on tried-and-true technologies that can help them build loan business, improve efficiencies and generate income," Schooler says. Here's how some other noted industry players responded when Credit Union Times asked them how the events of 9/11 had changed things at their shop: AFTECH: We need you . and your technology "The old standard of just arranging for a hot site just doesn't cut it when so much goes so wrong on such a large scale," says Joe Antellocy, president of AFTECH. "Clients need our expertise even more than they need a stand-in facility. This became evident within hours of the Sept. 11 attacks." But the backup capabilities – and their electronic ties to such things as ATM networks, the Internet and the Fed – remain crucial. Like fellow Fiserv company USERS (which added a new hot site in Washington state), 86-client AFTECH (www.aftech.com) bolstered its backup capabilities when it moved into new Malvern, Pa., headquarters this summer. "AFTECH now has two neighboring facilities, linked by RF communications. They're first class in every respect . security, technology, efficiency, etc.," Antellocy says. "In short, we now protect our site as if it were a data center, even though in normal times, we do not process any client data." CCC: No need to train by plane A diminished reliance on air travel, for reasons of security and cost, has hastened the adoption of online sales, service and training for the mostly smaller credit unions that rely on Computer Consultants Corp. (www.cccorp.com) for core processing. At least 134 of the Salt Lake City's company's more than 625 clients plan to migrate to CCC's new Internet-based Mercury system next year, says CCC President Hugh Butler, continuing a growing move toward electronic delivery of services (and training for the CU staffers). While "the calamity of 9/11 passed over our clients in New York City and elsewhere, thankfully," Butler says, "the new paradigm – leveraging modern communications and information technology methods to make training easier and more effective – may have received a little push from 9/11, when air travel became a very different proposition." CUSA Technologies: A matter of security "When an event of such magnitude occurs, vulnerability will play a role," says Dennis Connick, president of CUSA Technologies (www.cusa.com), which serves more than 900 credit unions from its base in Salt Lake City. "We saw a greater interest in disaster recovery services, and our clients wanted to ensure that the security protecting their systems was strong," Connick says, adding that CUSA already was in the process of strengthening data security, especially in the online arena, when the terrorist attacks occurred. Third-party security tests and other measures "have made our handling of client concerns more effective," Connick says, adding: "Beyond the initial need for validation, our client relations remain strong, just as they were previous to 9/11." EDS: Macroeconomics and microprocesses Industry giant EDS (www.eds.com) sees the effects of the terrorist attacks in the big picture and in the crucial, small details. "There is a renewed focus on business and recovery capabilities and redundancies for all their services (teller, ARU, Internet) and on security measures, including internal processes," says Scott Butler, president of the Texas firm's 1,000-plus client credit union division. "It obviously has impacted the economy tremendously," Butler adds. "Businesses are not investing as much in IT, which certainly has affected EDS. "Fortunately, EDS is a very strong company, can withstand the current economic conditions, and is starting to see things turn around." EPL: Open systems shouldn't open doors EPL Inc., which serves more than 150 credit unions from its offices in Birmingham, Ala., says it has shifted its focus from security planning to security management. Ensuring business functionality and data security as they adopt new technology becomes even more crucial as core systems become more open, says Michael Stoeckert, CIO/CTO for EPL (www.eplinc.com). "As open systems get more prevalent, credit unions will take advantage of Web services and other forms of third-party integration. These solutions add a lot of value, but provide gaps in security if not implemented according to an enterprise security strategy," Stoeckert says. HFS: A boom in disaster recovery business A keen interest in testing and the need for alternative storage for backup tapes has led to an investment in greater capacity and more robust technology at Harland Financial Solution's Disaster Recovery Center, and an increase in their use, says the parent company of ULTRADATA, which has more than 430 credit union clients. "We also have seen a significant increase in testing by our customers over the past year and are currently booked solid at our DRC through the end of 2002 into 2003 for testing slots," says Stephanie Shah, director of marketing and product management. "We've been busier this year than I can ever remember, and I've been with ULTRADATA for 14 years," adds Jerry Greer, who manages the disaster recovery center in Carrollton, Texas, for HFS (www.harlandfinancialsolutions.com). Liberty FiTECH: Getting there, getting it done Travel plans, and business continuation plans, have been in transition for the past year for clients of Atlanta-based Liberty FiTECH Systems (www.libertysite.com), the company says. "As a result of the tragic events of 9/11, credit unions are much more concerned about business continuation plans and disaster recovery services," says Mark Roberson, senior vice president. "Credit unions are also evaluating their travel plans differently, considering not only the cost, but how comfortable employees feel about flying. Therefore, we are addressing ways to deliver more services remotely via network support and use of the Internet," says Roberson, whose company provides core processing for nearly 200 credit unions. Share One: Data-vaulting for flexibility "After 9/11, we undertook a thorough review of our company's disaster recovery plan as well as the plans of our clients," says Daryl Tanner, president of Memphis-based Share One (www.newsolutions 4u.com), provider of core processing solutions for 30 credit unions. As a result, "we have developed a `data-vaulting' service for our clients' security. It consists of hardware and software components that provide an automated and secure database transfer system to move data backups to remote locations on a daily basis," Tanner says. A new backup processing center with VPN connectivity is also in the works, Tanner says, and, big picture, he adds: "Looking at the recent experiences of New York's Municipal Credit Union, it is important to ascertain that the credit union's business resumption plan is robust yet flexible enough to enable reasonably intelligent people to cope with any reasonably conceivable circumstance." Summit: Strength in redundancy "Since 9/11, there has been an increased desire from our customer base for true, redundant 24/7 processing," says Kevin Sparks, president of 300-client Summit Information Systems (www.summitsite.com) in Corvallis, Ore. "As a result, fail-proof systems are much more in demand, with a greater emphasis on data integrity and disaster recovery strategies," says Sparks, whose company has responded with new disk array systems that assure real-time, around-the-clock protection. Maintaining communications with customers also is a priority, and Webinars and other online strategies are expected to grow in use as airline travel becomes more costly and less predictable, Sparks says. Symitar: A thoughtful bottom line What has changed since 9/11, for everyone, "is that people are much more thoughtful in their actions than they used to be. There's a lot less carelessness and lot more attention to detail," says Bruce Cormode, president and CEO of 350- client Symitar Systems (www.symitar.com) in San Diego. "I believe 9/11 was a wake-up call for all Americans to watch what's going on around them and to make the most prudent decisions in all situations. It's also my observation that people are taking a lot more pride in what they do," he says. One area of prudence Cormode sees among his client base is "a much greater interest in Centurion Disaster Recovery, one of our Jack Henry and Associates sister companies." Cormode concludes: "In the long run, that's a good thing for our clients, because now they'll be ready for the next disaster that comes along. "And like or not, there will be other disasters." -

[email protected]