Jack Henry & Associates is four months into an enforcementorder from federal regulators regarding its disaster recovery andbusiness continuity planning processes.
|The Monett, Mo.-based company entered into a formal agreementwith the OCC, FDIC and the Federal Reserve to resolve issues aroundthe recovery of operations at a bank item processing facility inLyndhurst, N.J., that was damaged by Hurricane Sandy in October 2012.
|The storm caused $13.7 million in expenses at the New Jerseysite, JHA said in a financial performance report last February. Thecompany's top executive said Tuesday that all issues are beingaddressed and resolved.
|Also ofInterest:
HurricaneSandy Flooding Hits Jack Henry Bottom Line
CreditUnions Favor Big Core Processors
OnlineApp Stores Thriving for Symitar, Fiserv Developers
The provider of core processing and other technology services tothousands of credit unions and banks signed a formal agreement onNov. 13, 2013, that outlined a series of reporting requirementsinvolving its own board and three regulators: the OCC, FDIC and theFederal Reserve. The OCC is listed as the agency in charge of theagreement.
|“The regulators have identified unsafe and unsound practicesrelating to the technology service provider's disaster recovery andbusiness continuity planning and processes,” the agreement said. Itsaid deficiencies were noted in a December 2012 supervisory letterand a February 2013 examination report. The company must resolvethose and meet FFIEC requirements for business continuityplanning.
|Jack Henry is best known in the credit union industry for itsSymitar core processing platforms and ProfitStars solutions thatinclude financial performance, retail delivery, image processing,information security and risk management and other software.
|Its CEO, Jack Prim, said credit unions were not involved.
|“The precipitating event had to do with a bank image itemprocessing facility and an improperly executed recovery process.That event did not impact any credit unions. The review and changesthat we have made since the event (and prior to the issuance of theformal agreement) will assure that all JHA processing plans havebeen thoroughly reviewed and tested,” Prim told CU Timeson Tuesday.
|Specifics were not provided in the order and the agencies saidthat earlier letter and report were not public information.
|The published agreement did outline what should be included inthe required DR/BCP process, including an assessment andprioritization of all business functions, systems and resourcerequirements and detailed risk assessments.
|Prim said a number of changes have been made to reportingprocesses and to the technologies in place at its image itemprocessing facilities, as well as to many of its data backup andreplication processes.
|“We installed new senior management to oversee all of our itemand data processing operations, for banks and credit unions. Wehave revisited all processing plans throughout the company andimplemented more extensive testing processes for all plans, notjust those impacted by Hurricane Sandy,” Prim said.
|“We brought in an independent third party with expertise inDR/BCP planning to review these plans and processes. We have addedto our DR/BCP planning staff and to our compliance staff to assurethat plans are tested and documented properly. The compliance andDR/BCP staffs now report to me as CEO and chairman of the board,”he said. The reports were to be submitted to the director of bankinformation technology at the OCC.
|A spokeswoman for the OCC said she could not comment on theagreement. An FDIC spokesman said his agency also could not commenton compliance with orders.
|“The FDIC has issued enforcement actions against third-partyservice providers in the past,” added David Barr, assistantdirector of the FDIC's Office of Public Affairs. “We do not trackthem separately, however.”
|This is at least the second time in the past couple years thatbank regulators have focused on a major technology provider in thecredit union space. A security breach first reported at paymentsprocessor FIS in 2011 drew regulator and industry attention whenthe NCUA advised credit unions to evaluate their relationship withthat vendor after the FDIC issued the big processor a supervisoryletter about its security practices.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
