Skip to main content
vizo twitter linkedin pinterest youtube
HOME > Risk Management

Risk Management

Vizo Financial offers ACH audit services to credit unions through our CUSO, MY CU Services. Our certified staff will take a look at your ACH information to determine compliance with NACHA Rules. In the end, you’ll receive a detailed audit report that meets the NCUA’s requirements.

Benefits of our ACH audit services include:

  • Audit can be performed at any time of the year.
  • Option for remote audit via secure portal or on-site audit.
  • Accredited staff with experience in the regulations and operations sides of ACH.
  • Convenient option for credit unions that use our ACH services.
  • Potential to help resolve audit findings.

Don't overlook business continuity as just a regulatory requirement that will never be needed. Proper planning is essential towards the long-term success of a credit union. With over ten years of experience conducting disaster recovery testing and business continuity planning in the credit union industry, our certified staff can help ensure your credit union has a strong business continuity plan in place so that you are prepared for the worst.

Services Include:

What happens if your core system goes down for an extended period of time? What about a hurricane knocking out power for a week?

Closing the credit union until these disasters are resolved is not an option. You are competing with large, national banks that have devoted hundreds of millions of dollars to make sure their services are readily available to your members whenever they need them and no matter the circumstance. You’re also competing in an age where it has become so commonplace for organizations to make sure their services are available 24/7, that your members and potential members have come to expect this level of treatment.

So how will these potential disasters affect your membership? And if you aren’t prepared and the issue causes a noticeable impact to your members, what is the short-term and long-term effect on your brand?

A business impact analysis reviews your credit union’s operations to understand how your business is affected in the event of an uncontrollable circumstance.

This is an essential first step that should be done before creating/maintaining an effective business continuity plan.

With a decade of experience performing disaster recovery services and business continuity planning and testing for credit unions, Vizo Financial can help your credit union review all components of your operations to make sure you are asking the right questions to understand what issues could result in the interruption of each of your services and the impact these issues may have on your membership.

If the only reason your credit union currently has a business continuity plan is because it is a regulatory requirement then the plan is likely not as detailed as it should be. Business continuity plans are too important to your credit union's operations and the long-term success of your credit union to overlook it as just checking off a box for your regulator.

There are so many options in the financial services industry that your credit union can’t afford to have an issue that disrupts services to your members.

Often times, credit unions don’t have the time or expertise on staff to thoroughly create their own business continuity plan. But whether your credit union has a dedicated team in place or not, it is highly recommended that credit unions with a plan have a third party review the plan to provide an unbiased review and opinion.

Our staff can be this resource. And with over ten years of experience on staff dealing with disaster recovery and business continuity planning for credit unions, you can feel comfortable that your credit union will be prepared for any issue that may arise in the future.

A solid business continuity plan should be able to quickly recover your systems to continue operations or have contingency plans in place to continue your operations off-site or remotely in the event you experience a disruption of service.

It only takes one issue that impacts your members for them to start looking for another provider down the street. Because let’s face it, the lives of your members don’t stop when your services go down – even if it’s due to circumstances beyond your control. To your member, it’s your credit union’s fault that their mortgage payment may be a week late or they can’t withdraw money from the credit union for the vacation they are leaving for that day.

So it is very important to take a business continuity plan seriously, and not look at it as just a regulatory requirement/suggestion.

Credit union professionals historically wear many hats. And many institutions don’t have the time or expertise on staff to thoroughly create their own business continuity plan. Because each credit union runs their operations a little differently, you shouldn’t have to settle for a plan that is based on a template.

That’s why Vizo Financial can create a customized business continuity plan for your credit union that makes sure all of your unique operations are taken into account.

Call trees often breakdown and should not be relied upon to notify your employees of essential information. Our employee notification system can notify employees of important information quickly by multiple means of contact, including email, home phone, and cell phone. You can even create groups of employees for specific notifications that don’t affect all staff, and track your employees’ responses.

Business Impact Analysis/Business Continuity/Disaster Recovery
Proper planning done through a business impact analysis and understanding your business needs is essential towards the long-term success of a credit union. Our certified staff can help your credit union be ready for any issue that could arise.

Our team has almost 100 years of combined experience serving credit unions. Our knowledge and experience on the topics below are available through our consulting services whether you need us to come in for a group discussion or you need a quick explanation that can be discussed over the phone.

Business Impact Analysis/Business Continuity/Disaster Recovery

Proper planning done through a business impact analysis and understanding your business needs is essential towards the long-term success of a credit union. Our certified staff can help your credit union be ready for any issue that could arise.


Our team can advise your credit union on the BSA requirements using the FFIEC BSA/AML examination manual as well as Office of Foreign Control and FinCEN regulatory requirements.

Enterprise Risk Management (ERM)

Credit unions are faced with a substantial amount of risk. Our staff can help you manage this risk. Whether you need us to help review your current risk monitoring system or would like us to drop by to discuss the importance of risk management with your board, we are here to help.

IT Security and Risk Mitigation Strategies

You've been entrusted with your members' sensitive information. Vizo Financial can help make sure your credit union is prepared to mitigate potential attacks to keep your members' information secure.

If you are in need of bolstering your IT security posture or have a serious risk that needs to be mitigated, contact Vizo Financial for assistance and experienced advice. Maybe you have received the results of an IT security exam or audit and have a list of findings for which you simply don't have the technical resources to handle. The team at Vizo Financial can review your results, findings, and concerns and help you develop a strategy to address your IT security risks.

Policy and Procedure Assistance

Making sure your credit union has the proper policies and procedures in place is an essential component to your operations. Vizo Financial is available to review your current policies and procedures to make sure your credit union is covering all of its bases, or we can relieve you of this burden and create the documentation for you.

Project Management

Project management is the application of knowledge, skills, and techniques used to execute projects effectively and efficiently. It’s a strategic competency for organizations, enabling them to tie project results to business goals.

With direct experience in the credit union industry, our project management service is a value driver that helps your organization maximize its performance while reducing the risk of potential rework.

Vendor Management

Manually keeping tabs on all of your vendor requirements is a time-consuming process. Let us help you sort out what information is important and guide you towards an automated means of tracking risk ratings, contracts, expiration dates, incident reports, requests for proposals, and vendor due diligence information.

As a financial institution, credit unions are faced with a substantial amount of risk compared to the average business, which makes managing risk an essential component of a credit union's operations. Vizo Financial offers several products/services that can help your credit union with this process. And with unlimited customer support, we are always here to help.

  • Enterprise Risk Monitoring
    Our easy-to-use, web-based solution allows your credit union to monitor risk through email alerts, notifications, and interactive dashboards. Included with the software, your credit union will have the ability to conduct risk assessments, track trending over time, measure financial impacts, and monitor financial ratios and compliance requirements.

    The software will automate your existing process by gathering the risk, notifying your personnel before the risk adversely affects your operations, and providing feedback to management. This system will allow your management team to make better informed decisions regarding the institution's risk posture.
  • Vendor Management
    Our vendor management product will allow you to track all of your vendor requirements, including risk ratings, contracts, expiration dates, incident reports, requests for proposals, and vendor due diligence requirements in a centralized online database that is accessible across your organization.This automated process will help you comply with regulatory requirements, track vendor performance, and keep all of your vendor data in a centralized location, while also monitoring vendor risk by criticality.
  • Findings Manager
    Stay organized by keeping all of your risk, audit, and regulatory findings in one place with our findings manager. This easy to use software assigns responsibilities for each finding and creates corrective actions to be completed.

    Our findings manager offers automated reminders to help your team stay on task and meet your deadlines. It also provides full reporting capabilities.

It's true that credit unions need to provide their members with a wide range of products and services to meet their financial needs. But in today's world, that's not enough. Credit unions also need to be able to protect their members from threats of fraud and identity theft.

Vizo Financial has joined forces with CyberScout (formerly IDT911), to offer your credit union Identity Theft Services, a complete suite of identity protection services that will reduce your members' data risks and boost your credit union's reputation for security.

Our proactive program provides continuous fraud education and access to resources to help resolve harmful and time-consuming identity theft incidents and data breaches.

Choose to offer your members one or all of our Identity Theft Services:


  • Educational resources for learning how to minimize risks
  • Full identity theft recovery assistance
  • Proactive risk reduction and resolution for all types of identity theft
  • Document and identification replacement
  • Protection for members' immediate family
  • Unlimited 24/7 access to dedicated fraud specialists


  • Credit and non-credit fraud monitoring
  • Potential fraud detection alerts
  • Easy-to-use web portal to access reports


  • Protection for businesses/business owners
  • Breach management hotline
  • Identity management for employees
  • Access to elective breach resolution services (notification letters, call-handling for breach victims, investigative services)

Not only are information security risk assessments (ISRA) a regulatory requirement under National Credit Union Administration rules and regulations part 748, but they also provide you with the tools you need to make proper decisions for implementing controls to protect your members' sensitive information.

Many credit unions do not have the technical resources on hand to be able to conduct an effective ISRA. Using an outside source, like Vizo Financial, gives you an unbiased view of the risks that may affect your members' data, and will guide you towards implementing effective mitigations to protect the confidentiality, integrity, and availability of that data.

If you are shopping around for ISRA assistance, you may come across providers that give you a canned questionnaire to answer on your own without any guidance. After you answer the questions, you may be able to generate a report that shows your credit union completed an ISRA. But if you are like many credit unions, your employees wear multiple hats and don't have a dedicated staff member with the experience and background to know if you did an effective job answering the questions properly.

Our program is designed to take a minimum amount of your time and provide you with an honest assessment of risks and recommended mitigations, while taking into consideration your asset size and potential limits to your financial resources for applying mitigations and controls. Knowing that your credit union has utilized a thorough ISRA will allow your credit union to be confident in the security of your members' sensitive information.

Credit unions are entrusted with their members’ sensitive information. Criminals recognize this, which is why financial institutions are often the targets of criminal cyber-attacks and social engineering attacks designed to compromise your member's sensitive information.

Make sure your credit union is prepared to mitigate potential attacks. And don’t think that just because you are part of a smaller institution that you don’t have to worry about being targeted. Many criminals see smaller financial institutions as ideal targets, because they often have fewer resources devoted to preventing attacks.

Let us help you keep your members' sensitive information protected with the following products and services:

Let's say you find out you've had a data breach. What do you do?

If you haven't developed a plan for how your credit union will deal with incidents, now is the time to act. A data breach is a serious and costly issue that could lead to fines and other expenses related to member notification, credit card replacement, lawsuits, etc

But data breaches aren't the only type of incident your plan should worry about. What if you have a broken water pipe that is leaking into your computer room? Or you lose internet connectivity or phone service for an extended period of time?

The experienced staff at Vizo Financial can walk you through the scenarios, questions, planning, and documentation needed to develop an incident response plan specific to your credit union so you are prepared in the event you experience an issue, while also keeping you in compliance with industry regulations related to incident response.

At Vizo Financial, we are familiar with issues that credit unions are facing. We know your resources and finances are limited, and that your time is valuable. That's why we've developed a reasonably priced product that can be tailored specifically for your credit union.

Trying to resolve an incident is not the time to "wing it." Let us help you develop a proper plan to make sure your credit union is ready for potential incidents.

“Phishing” attacks are becoming more prevalent and more sophisticated every day and pose a serious threat to financial institutions and individuals on several levels. A phishing attack is an attempt, usually via email, to trick an individual into divulging personal information; particularly details about your financial institution.

The most typical and obvious aim is to enable the attacker to steal from the individual’s account. Some attacks attempt to convince the targeted individual to participate in an investment scam purportedly “endorsed” by your institution. All phishing attacks involve illegal activities that infringe on your trademarks and service marks, and are potentially injurious to the reputation of your institution.

Our anti-phishing takedown service offers a specialized process aimed at alerting your credit union when a "phisher" appears to be preparing an attack against your members. It also puts operational phishing sites out of business fast.

This service provides your institution with regulatory compliance on the following guidelines:

  • GLBA - Section III.C.1.
  • NCUA - IS&T Questionnaire IT-Authentication, Section J, NCUA Letter to Credit Unions 05-CU-20.

How effective is the technical design of your credit union’s network?

Our network security architecture review can provide an independent assessment on the overall effectiveness of the design to determine the types of attacks your credit union may be prone to

After working with your credit union to understand the state of your network security architecture and any changes you have planned for the future, our team will evaluate the designs against industry best practices to determine how effectively you are meeting your security needs and establish the weaknesses in your system.

Our network security architecture review provides your institution with regulatory compliance on the following guidelines:

  • GLBA - Section III.C.3
  • NCUA – IS&T Questionnaire IT-Networks Section C, 16.

Know exactly how your systems' vulnerabilities could impact your credit union with our penetration testing.

A more in-depth version of a vulnerability scan, our penetration test allows you to see the consequences of a skilled attacker exploiting your systems weaknesses as we simulate an attacker by making controlled attempts to exploit vulnerabilities on target systems.

Our penetration test results provide deeper insight into the actual business risks of vulnerabilities that are present on your system and show how an attacker can exploit the vulnerabilities on your network and use the compromised machine to gain access to sensitive member information.

This test helps to clearly identify the actual risk the vulnerabilities on your network pose to your overall infrastructure.

Penetration testing provides your institution with regulatory compliance on the following guidelines:

  • GLBA – Section III.C.3 12 CFR Part 364 Appendix B.
  • NCUA – IS&T Questionnaire IT-IDS/IPS, Section E, 34 and 35; IT – Penetration Test Review, Section A, B, C,6-7, and 8c; IT – Servers, Section C, 19-21.t

People are the weakest link in the day-to-day management of an organization's network security. Our social engineering testing examines the security awareness and best practices of your employees and suppliers.

One of the main reasons credit unions are successful is their staff's willingness to provide top-level member service. Not only do you train your staff to be courteous to members and try to assist them with their needs, you generally hire people that possess these helpful traits by nature.

Criminals recognize this and prey on your staff's willingness to "help."

Depending on your needs, we can offer social engineering testing either remotely or on-site providing an accurate representation of your employees' security awareness.

Types of Testing

Off-site testing includes a wide range of attacks using email and phone calls designed to compromise company policy and access confidential information.

On-site testing includes attempts at gaining physical access to the premises, obtaining records, files, equipment, sensitive information, network access and more. Even though each engagement has unique characteristics, the testing is always conducted in a strictly professional manner.

Social engineering testing provides your institution with regulatory compliance on the following guidelines:

  • GLBA – Section III.C.3
  • NCUA – IS&T Questionnaire IT – Penetration Test Review, Section 6G

Attackers are always looking for ways into a financial institution’s systems to gain access to the sensitive information that they possess. Being a small credit union doesn’t exclude you from the potential of an attack. In fact, many criminals actually target small financial institutions specifically; knowing they are less likely to devote the necessary resources to prevent attackers.

A vulnerability scan is an automated process that scans the computers, servers, printers, and other devices connected to your institution’s network.

Our scanning service scans your systems and looks for known security gaps and holes in your network. The system will then generate a report prioritizing the remediation efforts based on the severity of each threat and the relative risk that your credit union assigns to each of your assets.

Vulnerability scanning provides your institution with regulatory compliance to the following guidelines:

  • GLBA – Section III.C.3 12 CFR Part 364 Appendix B
  • NCUA – IS&T Questionnaire IT-IDS/IPS, Section E, 34 and 35; IT – Penetration Test Review, Section A, B, C, 6-7, and 8c; IT – Servers, Section C, 19-21

Attacks against vulnerabilities in web-based application software continue to be an increasing trend. Application software that does not properly validate user inputs, or fails to sanitize user inputs by filtering out unneeded, malicious characters, could be vulnerable to a remote attack.

Attackers can inject specific exploits, including SQL injection attacks, buffer overflows, cross-site scripting, and click-jacking of code to gain control over vulnerable machines. This can lead to a compromise of your internal network with your public web applications providing an open door directly from the internet to your sensitive member data.

Performing regular web application testing and following up with the removal or mitigation of the vulnerabilities bolsters your layered network security strategy and provides an excellent control against a potential network data breach.

Our team tests your web applications for potential vulnerabilities, helping to ensure the security of your most critical business interfaces.

Web application testing is designed to meet all regulatory requirements, and fully evaluates the security of your applications, whether they have been deployed or are in the development stage.

Contact us today to make sure your web application is not an open door for criminals to access your members' sensitive data.

Wireless internet access is becoming commonplace in most businesses. And credit unions are no different. Whether you offer Wi-Fi access to your members while they are in the branch or only have it available for staff to test systems from outside of your main network, many credit unions now have a wireless system in place at their institution.

This poses separate security issues than just your main network itself.

A wireless security audit analyzes your wireless security configuration, wireless infrastructure, and attacks against your wireless network to establish how well your wireless network is protected from an attack.

Our comprehensive wireless security audit assesses your wireless networks, devices, and countermeasures to ensure you are protecting your organization from potential intruders.

Through our team’s experience and knowledge, we can also demonstrate the impact a successful wireless network intrusion can have on your credit union.

Our team has almost 100 years of combined experience serving credit unions. Our knowledge and experience on the topics below are available through our consulting services whether you need us to come in for a group discussion or you need a quick explanation that can be discussed over the phone.

Bank Secrecy Act (BSA)

As defined by the FFEIC, employee training is an integral part of any compliance program. Our BSA/AML training will educate your staff on the importance of the regulations and requirements of the Bank Secrecy Act. We offer a variety of options for your credit union to meet the annual training requirements for your board and staff.

Business Continuity

Planning, knowing your plan, and exercising your plan are essential steps towards the long-term success of your credit union. Our certified staff can help your credit union be prepared for any issue that could arise.

Enterprise Risk Management (ERM)

Managing risk is an essential component of your credit union’s operations. Our team can help your staff understand the risk credit unions are faced with, as well as how to manage that risk.

Security Awareness

Our training teaches your employees the guidelines of appropriate system use and password construction to provide them with an appreciation of the need for physical and IT-based security measures. This comprehensive training session typically requires less than an hour of an employee’s time to complete and also addresses social engineering tactics that may be putting your business at risk.

We also have programs available for your members, which are designed to raise your members’ awareness of phishing attacks, trojans, key-stroke loggers, viruses, etc. Phishing attacks have become a particularly effective weapon, resulting in substantial losses from fraud, lost business, and damaged reputations.

Holding security awareness training sessions for your members not only decreases the risk your members may cause to your systems, but is also a great way to increase your contributions to the community.

There’s a reason why we practice fire and bad weather drills. It’s so that when life hands us an unexpected situation, we’re able to handle it because we already know the risks. The same can be said of your credit union’s security – the more practice and emphasis you put into security awareness, the better you’ll be able to deal with social engineering threats like phishing, vishing and cyberattacks.

Vizo Financial has partnered with KnowBe4, an industry leader in simulated social engineering testing and security awareness training, to help you get that practice through our social engineering testing services.

In this subscription-based service, you will be able to perform ethical social engineering tests to evaluate the level of security awareness among your staff. By utilizing the same tactics criminals might leverage to gain access to your credit union, the service can help you gauge your level of risk within the institution and adjust your security awareness training accordingly.

From there, you will be able to review your results from the testing through a convenient online portal, where you can also manage your credit union’s information, testing templates and more.

What do our social engineering testing services mean for your credit union? All these things:

  • Reduced risks by improving staff’s security awareness and preparedness
  • Creation of custom security awareness training plans based on staff’s level of knowledge
  • Control over your own social engineering tests with ready-made templates and tools
  • Real-time test results and information storage in an easy-to-use online portal
  • Continuous testing and support from Vizo Financial’s security experts for the length of your subscription

At Vizo Financial, we get it. We know that the security of your credit union and the ability for your employees – those on your front lines – to keep your members’ information safe is so important. Important enough, in fact, it’s worthy of performing social engineering testing, or “drills.” Let us make sure you get the practice you need to better deal with social engineering attacks and other threats!