Risk Management Services

Business Continuity/Disaster Recovery

Proper planning and understanding your business needs is essential towards the long-term success of a credit union. Our certified staff can help your credit union be ready for any issue that could arise.

Compliance

Our team can advise your credit union on the BSA requirements using the FFIEC BSA/AML examination manual as well as Office of Foreign Control and FinCEN regulatory requirements.

Enterprise Risk Management (ERM)

Credit unions are faced with a substantial amount of risk. Our staff can help you manage this risk. Whether you need us to help review your current risk monitoring system or would like us to drop by to discuss the importance of risk management with your board, we are here to help.

IT Security and Risk Mitigation Strategies

You've been entrusted with your members' sensitive information. Vizo Financial can help make sure your credit union is prepared to mitigate potential attacks to keep your members' information secure.

If you are in need of bolstering your IT security posture or have a serious risk that needs to be mitigated, contact Vizo Financial for assistance and experienced advice. Maybe you have received the results of an IT security exam or audit and have a list of findings for which you simply don't have the technical resources to handle. The team at Vizo Financial can review your results, findings, and concerns and help you develop a strategy to address your IT security risks.

Training and Education

Vizo Financial’s team of risk management experts are available to provide training and education services to your staff and/or board. This training can be conducted in-person or virtually and is customized for your credit union’s specific needs.

Training and education topics offered include:

• Bank Secrecy Act (BSA)
• Business Continuity/Tabletop Exercise

In addition, each year Vizo Financial offers two webinar sessions for BSA Compliance Basics training (per person fee required) and Tabletop Exercise (no cost to attend).

Vendor Management

Manually keeping tabs on all of your vendor requirements is a time-consuming process. Let us help you sort out what information is important and guide you towards an automated means of tracking risk ratings, contracts, expiration dates, incident reports, requests for proposals, and vendor due diligence information.

And what do you need when an enemy comes to your doorstep (or in this case, your screen)? A good defense strategy. That’s why Vizo Financial has teamed up with DefenseStorm, a financial institution cyber risk management solutions provider, to help credit unions build those strategies and enforce them through security and fraud services.

Fraud Prevention

Fraud Prevention gives your credit union the ability to proactively stop fraud related to scams, account takeover, online account opening and insider threats to better protect your bottom line, your reputation and, of course, your members. Some features of Fraud Prevention include:

• Comparative analysis of online financial risks, dark web intelligence and additional threat resources for heightened awareness.
• Integration of your BSA/AML and security initiatives to achieve a greater level of communication between departments.
• Real-time alerts when fraud risks are identified.

Risk Assessment

This solution allows credit unions to strengthen their risk management practices through risk assessments that will help credit unions identify new and emerging risks, realize changes in risk levels and make informed risk-based decisions for budgeting, resource allocation and strategic planning.

Threat Surveillance

This solution is inclusive of your entire cybersecurity framework and gathers and analyzes data from all types of sources, technology, tools and systems and identifies threats in your environment, including:

• ThreatMatch - Automatically aggregates threat intelligence feeds to find known bad actors that could be affecting your network now or in the past.
• PatternScout - Provides better detection of anomalies that may be evidence of suspicious or malicious behavior in the network that would not be detected through a rules-based system.
• Incident Similarity - An AI model that compares two incidents and associated events. Credit unions gain additional insight into security concerns across their organization and enhance their incident management.

Governance Program

This solution collects evidence systematically against industry and regulatory control frameworks and self-assessments. This ability to help a credit union simplify governance by integrating, automating and optimizing compliance is critical to any cyber risk management program.

The DefenseStorm Difference

Sure, there are other cyber risk management firms out there, but DefenseStorm solutions offer a unique set of benefits that set them apart from the rest.

• An understanding of financial institutions’ specific business models, cyber risk management needs and regulatory requirements.
• A unique, all-in-one platform that connects the entire suite of solutions and integrates cyber risk capabilities and operations into a single point of management.
• 24/7 access to the Cyber Threat Surveillance Operations (CTS Ops) team of analysts and engineers who will help co-manage your cyber risks and offer the expertise you need.
• Use of Machine Learning and artificial intelligence (AI) to better defend against threat actors and decrease time to detection.
• Exclusive discounts through the Vizo Financial/DefenseStorm partnership.

You don’t have to fight cyber risks alone with DefenseStorm’s cyber risk management solutions through Vizo Financial. Contact your corporate account manager at accountmanagers@vfccu.org to learn more today!

DefenseStorm Essentials delivers co-managed cyber threat monitoring and regulatory compliance support, designed specifically for credit unions with small teams. By combining the GRID Active platform with round-the-clock human expertise from the Cyber Threat Surveillance Operations (CTS Ops) team, this solution allows smaller institutions to gain a robust security foundation.

Eligibility Essentials

• Assets under $200 million
• Up to 50 employees
• Up to five branches

This program is ideal for smaller credit unions looking to:

• Expand their ability to prevent, identify, assess and manage cyber threats
• Consolidate data into a single “source of truth”
• Improve data gathering and reporting capabilities
• Reduce false positives and prioritize cyber events

Coverage, Visibility & Compliance Readiness Essentials

• 24/7 Expert Monitoring: The CTS Ops team continuously watches over your environment, investigates anomalies and notifies you only when action is required.
• Integrated Threat Detection: Security information and event management, threat intel and endpoint detection all work together, eliminating the need for multiple tools.
• Compliance-First Architecture and Reporting: Every alert and action is logged, mapped to regulatory controls and audit-ready. Pre-built dashboards and reports make it easy to demonstrate and export compliance.
• Co-Managed Approach: We provide the platform, the technology and the people to support your team.
• Scalable Coverage: Designed for smaller institutions but backed by the same infrastructure trusted by larger credit unions.
• Fixed Pricing and Exclusive Discounts: This solution features fixed rate pricing each month, plus an exclusive discount for Vizo Financial members.

Cybersecurity is no small part of protecting your credit union from threats and regulatory requirements…it’s essential.

To help our member credit unions, Vizo Financial has teamed up with two companies – Ncontracts and WolfPAC – to assist you with your enterprise risk management (ERM) needs. Not only does this dual-powered service offer your credit union access to a whole suite of ERM solutions, but it also gives you the freedom to find the provider that best suits your credit union.

Both Providers Offer:

• Web-based solution
• Informational and easy-to-use dashboard
• Risk assessments, trend tracking, financial impact measurements and compliance monitoring
• Real-time, on-demand reporting for board, management and regulators

The ERM Solutions:

Information management is key to any ERM solution. The Ncontracts and WolfPAC solutions through Vizo Financial offer several modules for efficient information management:

Ncontracts

Nvendor – Vendor Risk Management
Manage vendor relationships easily and effectively, while also reducing risk and costs, with a third-party risk management solution designed exclusively for financial service companies. From onboarding and risk assessments to contract management and ongoing due diligence, enjoy comprehensive, compliant oversight of the entire vendor management lifecycle.

Nrisk – Enterprise Risk Management
Ncontracts’ highly customizable ERM solution empowers your financial institution to continuously evaluate, measure and report on risk in real time. This cloud-based solution simplifies the ERM process, or it can make your existing program more efficient. Skillfully govern your risk and control environment with real-time alerts on one centralized dashboard for a 360-degree view of risk.

Ncontinuity – Business Continuity Management
Empower your financial institution with this unmatched disaster readiness and business continuity solution. Stay a step ahead of crises, ensure seamless operations and enhance your institution's resilience with our innovative business continuity solution.

Nfindings – Exam & Audit Findings Management
Findings come from everywhere across your financial institution. With this comprehensive audit findings solution, you can achieve immediate visibility for faster resolution, allowing you to confidently manage findings from internal and external compliance reviews, audits and exams.

Ncomply – Compliance Management
Ncomply is the comprehensive compliance management solution designed for financial institutions to help navigate regulatory changes, boost your team's effectiveness and consolidate all compliance tasks in one integrated platform.

WolfPAC Solutions

Business Continuity Management
This solution provides the ability to create a comprehensive recovery plan that analyzes enterprise-wide operational and integration risks. It detects gaps by evaluating which risks pose the highest threat to your company and which resources need the most attention, determining which functions need to be recovered first and developing viable recovery strategies to minimize downtime and maintain regulatory compliance.

Corrective Action Plan
This solution provides a lifecycle approach to corrective action control at your institution by tracking and managing all action items identified through audits, risk assessments and/or regulatory examinations, giving risk managers a centralized repository of all control weaknesses to ensure completeness in management responses, reporting and oversight.

Data Security and Privacy Risk Management
This solution gives you a holistic view of all business confidential data, allowing you to identify risks, implement preventive procedures, secure data and create mitigation strategies in the event of a breach. Its centralized inventory houses all confidential information, giving you a secure location to create, update or analyze your data.

Enterprise Risk Management
WolfPAC’s ERM solution centralizes risk-related data and documentation onto one platform, offering a simplified and holistic way to detect and manage risks, increase the efficiency of data review, streamline data flows, create custom controls and identify control gaps and develop control remediation plans when they’re needed most.

Financial Reporting Control Management
This robust solution gives full visibility—from a high-level overview to an in-depth perspective—on your financial controls, and the testing of those controls, on one comprehensive system—allowing you to uncover gaps and the risks of those financial accounts, centralize all your financial reporting information and maintain your control inventory.

Incident Management
Unaddressed risks and vulnerabilities can cause long-lasting damage. Using this solution, you’ll be able to efficiently coordinate all activities throughout the lifecycle of a planned or unplanned disruption and maintain stability by centralizing your threats, gaps and recovery plans, giving you an integrated crisis management plan that meets risks head-on and protects your business for the future.

IT Risk Management
The rapidly changing information technology space has brought increased risk to business environments and structures. The IT Risk Management solution gives you valuable insight into potential threats and gaps in your security plans and allows you to create and implement the necessary policies and procedures to protect your business from attacks.

Regulatory Compliance Risk Management
Relying on manual solutions to keep up with ever-changing regulatory requirements is nearly impossible. This solution enables you to identify risks, remediate gaps and track current regulatory obligations all in one convenient location.

Third-Party Risk Management
Keeping track of all of your vendor information (and the risks associated with each) can be a challenge. This solution can help your institution streamline vendor due diligence and contracting, create risk ratings, manage vendor lifecycles and improve risk-based monitoring.

Transaction Risk Management
Having all of your transactional risk data in one consolidated solution ensures the efficiency of your risk review process – saving you valuable time and resources. This solution addresses vulnerabilities, allowing you to identify gaps, prioritize threats and evaluate controls in your risk management plans.

WolfPAC Essentials
WolfPAC Essential ensures that companies of all sizes, locations or level of risk management maturity now have an easy and automated way to build a modern, scalable enterprise risk management program that protects them from the threats of today and tomorrow. The solution provides everything needed to build a sophisticated risk management program in three core areas: information technology, vendor management and business continuity planning. This solution also includes the Corrective Action Plan.

Additional WolfPAC Assessments

• NIST CSF 2.0 Readiness Assessment
• Ransomware Self Assessment
• Fedline Assurance Program Attestation Assessment
• Climate Risk Vulnerability Assessment
• Project Risk Assessment

Make sure your credit union is prepared to mitigate potential attacks. And don’t think that just because you are part of a smaller institution that you don’t have to worry about being targeted. Many criminals see smaller financial institutions as ideal targets, because they often have fewer resources devoted to preventing attacks.

Let us help you keep your members' sensitive information protected with the following products and services:

Penetration Testing

Vulnerability Scanning

Vizo Financial has partnered with KnowBe4, an industry leader in simulated social engineering testing and security awareness training, to help you get that practice through our social engineering testing services.

In this subscription-based service, you will be able to perform ethical social engineering tests to evaluate the level of security awareness among your staff. By utilizing the same tactics criminals might leverage to gain access to your credit union, the service can help you gauge your level of risk within the institution and adjust your security awareness training accordingly.

From there, you will be able to review your results from the testing through a convenient online portal, where you can also manage your credit union’s information, testing templates and more.

What do our KnowBe4 service mean for your credit union? All these things:

• Reduced risks by improving staff’s security awareness and preparedness
• Creation of custom security awareness training plans based on staff’s level of knowledge
• Control over your own social engineering tests with ready-made templates and tools
• Real-time test results and information storage in an easy-to-use online portal
• Continuous testing and support from Vizo Financial’s security experts for the length of your subscription

At Vizo Financial, we get it. We know that the security of your credit union and the ability for your employees – those on your front lines – to keep your members’ information safe is so important. Important enough, in fact, it’s worthy of performing social engineering testing, or “drills.” Let us make sure you get the practice you need to better deal with social engineering attacks and other threats!