Skip to main content

Risk Management Solutions

No doubt about it…finance is a risky business. Good news though – your credit union doesn’t have to face the risks alone. Vizo Financial is home to many risk management services, from business continuity to an array of information security solutions. And not only do we have risk management services to offer, but we also have an entire team of experienced experts who specialize in multiple areas of risk and compliance. How’s that for a risk management power punch?

ACH Audits

Vizo Financial offers ACH audit services to credit unions through our CUSO, MY CU Services. Our certified staff will take a look at your ACH information to determine compliance with NACHA Rules. In the end, you’ll receive a detailed audit report that meets the NCUA’s requirements.

Benefits of our ACH audit services include:

  • Audit can be performed at any time of the year.
  • Option for remote audit via secure portal or on-site audit.
  • Accredited staff with experience in the regulations and operations sides of ACH.
  • Convenient option for credit unions that use our ACH services.
  • Potential to help resolve audit findings.

Business Continuity Services

Don't overlook business continuity as just a regulatory requirement that will never be needed. Proper planning is essential towards the long-term success of a credit union. With over ten years of experience conducting disaster recovery testing and business continuity planning in the credit union industry, our certified staff can help ensure your credit union has a strong business continuity plan in place so that you are prepared for the worst.

Business continuity services offered include:

If the only reason your credit union currently has a business continuity plan is because it is a regulatory requirement then the plan is likely not as detailed as it should be. Business continuity plans are too important to your credit union's operations and the long-term success of your credit union to overlook it as just checking off a box for your regulator.

There are so many options in the financial services industry that your credit union can’t afford to have an issue that disrupts services to your members.

Often times, credit unions don’t have the time or expertise on staff to thoroughly create their own business continuity plan. But whether your credit union has a dedicated team in place or not, it is highly recommended that credit unions with a plan have a third party review the plan to provide an unbiased review and opinion.

Our staff can be this resource. And with over ten years of experience on staff dealing with disaster recovery and business continuity planning for credit unions, you can feel comfortable that your credit union will be prepared for any issue that may arise in the future.

A solid business continuity plan should be able to quickly recover your systems to continue operations or have contingency plans in place to continue your operations off-site or remotely in the event you experience a disruption of service.

It only takes one issue that impacts your members for them to start looking for another provider down the street. Because let’s face it, the lives of your members don’t stop when your services go down – even if it’s due to circumstances beyond your control. To your member, it’s your credit union’s fault that their mortgage payment may be a week late or they can’t withdraw money from the credit union for the vacation they are leaving for that day.

So it is very important to take a business continuity plan seriously, and not look at it as just a regulatory requirement/suggestion.

Credit union professionals historically wear many hats. And many institutions don’t have the time or expertise on staff to thoroughly create their own business continuity plan. Because each credit union runs their operations a little differently, you shouldn’t have to settle for a plan that is based on a template.

That’s why Vizo Financial can create a customized business continuity plan for your credit union that makes sure all of your unique operations are taken into account.

Call trees often breakdown and should not be relied upon to notify your employees of essential information. Our employee notification system can notify employees of important information quickly by multiple means of contact, including email, home phone, and cell phone. You can even create groups of employees for specific notifications that don’t affect all staff, and track your employees’ responses.

Consulting Services

Our team has almost 100 years of combined experience serving credit unions. Our knowledge and experience on the topics below are available through our consulting services whether you need us to come in for a group discussion or you need a quick explanation that can be discussed over the phone.

Business Continuity/Disaster Recovery

Proper planning and understanding your business needs is essential towards the long-term success of a credit union. Our certified staff can help your credit union be ready for any issue that could arise.


Our team can advise your credit union on the BSA requirements using the FFIEC BSA/AML examination manual as well as Office of Foreign Control and FinCEN regulatory requirements.

Enterprise Risk Management (ERM)

Credit unions are faced with a substantial amount of risk. Our staff can help you manage this risk. Whether you need us to help review your current risk monitoring system or would like us to drop by to discuss the importance of risk management with your board, we are here to help.

IT Security and Risk Mitigation Strategies

You've been entrusted with your members' sensitive information. Vizo Financial can help make sure your credit union is prepared to mitigate potential attacks to keep your members' information secure.

If you are in need of bolstering your IT security posture or have a serious risk that needs to be mitigated, contact Vizo Financial for assistance and experienced advice. Maybe you have received the results of an IT security exam or audit and have a list of findings for which you simply don't have the technical resources to handle. The team at Vizo Financial can review your results, findings, and concerns and help you develop a strategy to address your IT security risks.

Policy and Procedure Assistance

Making sure your credit union has the proper policies and procedures in place is an essential component to your operations. Vizo Financial is available to review your current policies and procedures to make sure your credit union is covering all of its bases, or we can relieve you of this burden and create the documentation for you.

Project Management

Project management is the application of knowledge, skills, and techniques used to execute projects effectively and efficiently. It’s a strategic competency for organizations, enabling them to tie project results to business goals.

With direct experience in the credit union industry, our project management service is a value driver that helps your organization maximize its performance while reducing the risk of potential rework.

Vendor Management

Manually keeping tabs on all of your vendor requirements is a time-consuming process. Let us help you sort out what information is important and guide you towards an automated means of tracking risk ratings, contracts, expiration dates, incident reports, requests for proposals, and vendor due diligence information.

Enterprise Risk Management

As financial institutions, credit unions are faced with a substantial amount of risk compared to the average business, which makes managing risk an essential component of a credit union's operations. Vizo Financial offers several products/services that can help your credit union with this process. And with unlimited customer support, we are always here to help.

Vizo Financial has teamed up with Ncontracts to assist you in your enterprise risk management (ERM) needs. Our service can offer your credit union access to a whole suite of ERM solutions. Even better? Our team of experts will help you find the provider and solution that is the best fit for your credit union and get you a cost benefit on your ERM services! How’s that for a win-win?

Our ERM Solutions Offer:

  • Web-based solution
  • Informational & easy-to-use dashboard
  • Vendor and contract monitoring
  • Central database for vendor management
  • Real-time, on-demand reporting for board, management & regulators
  • Risk assessments, trend tracking, financial impact measurements & compliance monitoring

Information management is key to any ERM solution. Ncontracts solution through Vizo Financial offers a combination of the following modules for efficient information management:

  • Business Continuity
  • Data Security & Privacy Risk
  • Cybersecurity Risk
  • Enterprise Risk Management
  • Findings/Remediation Management
  • Information Technology Risk
  • Transaction Risk
  • Regulatory Compliance
  • Third Party/Vendor Management

Information Security Risk Solutions

Credit unions are entrusted with their members’ sensitive information. Criminals recognize this, which is why financial institutions are often the targets of criminal cyber-attacks and social engineering attacks designed to compromise your member's sensitive information.

Make sure your credit union is prepared to mitigate potential attacks. And don’t think that just because you are part of a smaller institution that you don’t have to worry about being targeted. Many criminals see smaller financial institutions as ideal targets, because they often have fewer resources devoted to preventing attacks.

Let us help you keep your members' sensitive information protected with the following products and services:

Let's say you find out you've had a data breach. What do you do?

If you haven't developed a plan for how your credit union will deal with incidents, now is the time to act. A data breach is a serious and costly issue that could lead to fines and other expenses related to member notification, credit card replacement, lawsuits, etc.

But data breaches aren't the only type of incident your plan should worry about. What if you have a broken water pipe that is leaking into your computer room? Or you lose internet connectivity or phone service for an extended period of time?

The experienced staff at Vizo Financial can walk you through the scenarios, questions, planning, and documentation needed to develop an incident response plan specific to your credit union so you are prepared in the event you experience an issue, while also keeping you in compliance with industry regulations related to incident response.

At Vizo Financial, we are familiar with issues that credit unions are facing. We know your resources and finances are limited, and that your time is valuable. That's why we've developed a reasonably priced product that can be tailored specifically for your credit union.

Trying to resolve an incident is not the time to "wing it." Let us help you develop a proper plan to make sure your credit union is ready for potential incidents.

Know exactly how your systems' vulnerabilities could impact your credit union with our penetration testing.

A more in-depth version of a vulnerability scan, our penetration test allows you to see the consequences of a skilled attacker exploiting your systems weaknesses as we simulate an attacker by making controlled attempts to exploit vulnerabilities on target systems.

Our penetration test results provide deeper insight into the actual business risks of vulnerabilities that are present on your system and show how an attacker can exploit the vulnerabilities on your network and use the compromised machine to gain access to sensitive member information.

This test helps to clearly identify the actual risk the vulnerabilities on your network pose to your overall infrastructure.

Penetration testing provides your institution with regulatory compliance on the following guidelines:

  • GLBA – Section III.C.3 12 CFR Part 364 Appendix B.
  • NCUA – IS&T Questionnaire IT-IDS/IPS, Section E, 34 and 35; IT – Penetration Test Review, Section A, B, C,6-7, and 8c; IT – Servers, Section C, 19-21.t

People are the weakest link in the day-to-day management of an organization's network security. Our social engineering testing examines the security awareness and best practices of your employees and suppliers.

One of the main reasons credit unions are successful is their staff's willingness to provide top-level member service. Not only do you train your staff to be courteous to members and try to assist them with their needs, you generally hire people that possess these helpful traits by nature.

Criminals recognize this and prey on your staff's willingness to "help."

Depending on your needs, we can offer social engineering testing either remotely or on-site providing an accurate representation of your employees' security awareness.

Types of Social Engineering Testing

Off-site testing includes a wide range of attacks using email and phone calls designed to compromise company policy and access confidential information.

On-site testing includes attempts at gaining physical access to the premises, obtaining records, files, equipment, sensitive information, network access and more. Even though each engagement has unique characteristics, the testing is always conducted in a strictly professional manner.

Social engineering testing provides your institution with regulatory compliance on the following guidelines:

  • GLBA – Section III.C.3
  • NCUA – IS&T Questionnaire IT – Penetration Test Review, Section 6G

Attackers are always looking for ways into a financial institution’s systems to gain access to the sensitive information that they possess. Being a small credit union doesn’t exclude you from the potential of an attack. In fact, many criminals actually target small financial institutions specifically; knowing they are less likely to devote the necessary resources to prevent attackers.

A vulnerability scan is an automated process that scans the computers, servers, printers, and other devices connected to your institution’s network.

Our scanning service scans your systems and looks for known security gaps and holes in your network. The system will then generate a report prioritizing the remediation efforts based on the severity of each threat and the relative risk that your credit union assigns to each of your assets.

Vulnerability scanning provides your institution with regulatory compliance to the following guidelines:

  • GLBA – Section III.C.3 12 CFR Part 364 Appendix B
  • NCUA – IS&T Questionnaire IT-IDS/IPS, Section E, 34 and 35; IT – Penetration Test Review, Section A, B, C, 6-7, and 8c; IT – Servers, Section C, 19-21

Attacks against vulnerabilities in web-based application software continue to be an increasing trend. Application software that does not properly validate user inputs, or fails to sanitize user inputs by filtering out unneeded, malicious characters, could be vulnerable to a remote attack.

Attackers can inject specific exploits, including SQL injection attacks, buffer overflows, cross-site scripting, and click-jacking of code to gain control over vulnerable machines. This can lead to a compromise of your internal network with your public web applications providing an open door directly from the internet to your sensitive member data.

Performing regular web application testing and following up with the removal or mitigation of the vulnerabilities bolsters your layered network security strategy and provides an excellent control against a potential network data breach.

Our team tests your web applications for potential vulnerabilities, helping to ensure the security of your most critical business interfaces.

Web application testing is designed to meet all regulatory requirements, and fully evaluates the security of your applications, whether they have been deployed or are in the development stage.

Contact us today to make sure your web application is not an open door for criminals to access your members' sensitive data.

Wireless internet access is becoming commonplace in most businesses. And credit unions are no different. Whether you offer Wi-Fi access to your members while they are in the branch or only have it available for staff to test systems from outside of your main network, many credit unions now have a wireless system in place at their institution.

This poses separate security issues than just your main network itself.

A wireless security audit analyzes your wireless security configuration, wireless infrastructure, and attacks against your wireless network to establish how well your wireless network is protected from an attack.

Our comprehensive wireless security audit assesses your wireless networks, devices, and countermeasures to ensure you are protecting your organization from potential intruders.

Through our team’s experience and knowledge, we can also demonstrate the impact a successful wireless network intrusion can have on your credit union.

Training and Education Services

Our team has almost 100 years of combined experience serving credit unions. Our knowledge and experience on the topics below are available through our consulting services whether you need us to come in for a group discussion or you need a quick explanation that can be discussed over the phone.

Bank Secrecy Act (BSA)

As defined by the FFIEC, employee training is an integral part of any compliance program. Our BSA/AML training will educate your staff on the importance of the regulations and requirements of the Bank Secrecy Act. We offer a variety of options for your credit union to meet the annual training requirements for your board and staff.

Business Continuity

Planning, knowing your plan, and exercising your plan are essential steps towards the long-term success of your credit union. Our certified staff can help your credit union be prepared for any issue that could arise.

Enterprise Risk Management (ERM)

Managing risk is an essential component of your credit union’s operations. Our team can help your staff understand the risk credit unions are faced with, as well as how to manage that risk.

Security Awareness

Our training teaches your employees the guidelines of appropriate system use and password construction to provide them with an appreciation of the need for physical and IT-based security measures. This comprehensive training session typically requires less than an hour of an employee's time to complete and also addresses social engineering tactics that may be putting your business at risk.

We also have programs available for your members, which are designed to raise your members' awareness of phishing attacks, trojans, key-stroke loggers, viruses, etc. Phishing attacks have become a particularly effective weapon, resulting in substantial losses from fraud, lost business, and damaged reputations.

Holding security awareness training sessions for your members not only decreases the risk your members may cause to your systems, but is also a great way to increase your contributions to the community.

Social Engineering Testing

There’s a reason why we practice fire and bad weather drills. It’s so that when life hands us an unexpected situation, we’re able to handle it because we already know the risks. The same can be said of your credit union’s security – the more practice and emphasis you put into security awareness, the better you’ll be able to deal with social engineering threats like phishing, vishing and cyberattacks.

Vizo Financial has partnered with KnowBe4, an industry leader in simulated social engineering testing and security awareness training, to help you get that practice through our social engineering testing services.

In this subscription-based service, you will be able to perform ethical social engineering tests to evaluate the level of security awareness among your staff. By utilizing the same tactics criminals might leverage to gain access to your credit union, the service can help you gauge your level of risk within the institution and adjust your security awareness training accordingly.

From there, you will be able to review your results from the testing through a convenient online portal, where you can also manage your credit union’s information, testing templates and more.

What do our social engineering testing services mean for your credit union? All these things:

  • Reduced risks by improving staff’s security awareness and preparedness
  • Creation of custom security awareness training plans based on staff’s level of knowledge
  • Control over your own social engineering tests with ready-made templates and tools
  • Real-time test results and information storage in an easy-to-use online portal
  • Continuous testing and support from Vizo Financial’s security experts for the length of your subscription

At Vizo Financial, we get it. We know that the security of your credit union and the ability for your employees – those on your front lines – to keep your members’ information safe is so important. Important enough, in fact, it’s worthy of performing social engineering testing, or “drills.” Let us make sure you get the practice you need to better deal with social engineering attacks and other threats!