Proprietary & Confidential © 2011 Fidelity National Information Services, Inc. and its subsidiaries.
Risk Assessments
Scott Yoshimura, Risk Management Consultant
Background
• FIS Managed IT Services (formerly ProNet Solutions) – Provides outsourced technology platform management solutions to independent community banks.
  – Virtual Network Management Services
  – Managed Security Services
  – Hosted Services
• Advisory Services Group – Provides facilitative solutions for IT-related risk management programs and business continuity.
• In 2013 we completed 262 assessments for 66 banks in 13 states
Agenda
• Risk Assessment Overview
• In Depth Look
  – GLBA/Information Security
  – Vendor Management
  – Online Banking
  – Business Continuity
  – New Product Development
• In Depth Look
  – Facilitative Solution
  – What Examiners Are Looking For
  – Questions
Purpose of a Risk Assessment
• Quantify risk into a measurable format
• Designed to
  – Evaluate risks
    • Impact
    • Likelihood
  – Prioritize risks
  – Evaluate the effectiveness of controls
  – Identify gaps
Benefits of a Risk Assessment
• Improve decision making
  – Identifying areas of weakness or concern
  – Valuation of risk to determine risk/return benefit
• Measure change
  – Changes in controls
  – Changes in environment
  – Changes in risk
• Risk awareness
Creating a Risk Assessment
• Board and Executive support
  – Risk awareness and mitigation within the culture
  – Leadership and guidance
  – Understanding and expertise
Creating a Risk Assessment
• Knowledge and resources
  – Develop
  – Identify
  – Evaluate
  – Remediate
  – Manage
• Research Applicable Regulations and Guidance
  – FFIEC
  – OCC
  – FRB
How to create a risk assessment
• What is the driving force?
  – Your purpose will define the quality and benefit of your assessment
• Do you have the knowledge? Is there new guidance?
  – Utilize your available resources to ensure you have the required/recommended criteria
• Have a sound methodology
  – Ensure your process meets your criteria, but is understandable and explainable to staff, your board and examiners
Creating a Risk Assessment
• Quantitative vs Qualitative
  – Quantitative: Requires numerical values for both impact and likelihood using data from a variety of sources
  – Qualitative: Assessing risk and opportunity according to descriptive scales
• Inherent vs Residual
  – Inherent Risk: The risk that an activity would pose if no controls were in place
  – Residual Risk: The risk that remains after controls are taken into account
• Risk Formula
  – Inherent Risk = Impact x Probability
  – Residual Risk = Inherent Risk x Control Risk
Weak vs Strong Assessment
| Asset | Impact | Likelihood | Risk |
|---|---|---|---|
| Servers | High | High | High |
| Mobile Devices | Moderate | High | Moderate-High |
| Shred Bin | Moderate | Moderate | Moderate |
| Appraisals | Low | Low | Low |

| Asset | Confidentiality | Integrity | Availability | Likelihood | Inherent Risk | Strength of Controls | Residual Risk |
|---|---|---|---|---|---|---|---|
| Servers | High | High | High | High | High | High | Moderate |
| Mobile Devices | Moderate – High | Moderate | Moderate – Low | High | Moderate – High | High | Moderate – Low |
| Shred Bins | High | Low | Low | Moderate | Moderate | Low | Moderate – High |
| Appraisals | Low | Moderate | Moderate | Low | Moderate – Low | High | Low |
Creating a Risk Assessment
• Does your assessment do the following?
  – Identify subjects
  – Identify and evaluate threats
  – Identify and evaluate controls
  – Determine impact and likelihood
  – Determine areas of concern
  – Prioritize order of importance
Tips for Performing a Risk Assessment
• Ensure everyone involved in the process understands the purpose
• Relate it to their line of business
• Ensure everyone evaluates based on the same risk appetite level
• Challenge and pose questions
Board Reporting
• Understanding of the process
• Understanding of the risks
• Understanding of the position of the bank and strength of controls
• Understanding of the areas of concern
• Understanding of recommendations and action plan
What Examiners are Looking For
• Based on guidance
• Sound methodology
• Management involvement
• Clear board communication
GLBA/Information Security – Regulatory Guidance
• IT Examination Handbook – Financial institutions must maintain an ongoing information security risk assessment program that effectively
  – Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements;
  – Analyzes the probability and impact associated with the known threats and vulnerabilities to their assets; and
  – Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation.
Information Security Risk Assessment – Valuation Table
Information Security Risk Assessment – Asset Analysis
Information Security Risk Assessment – Asset Analysis
Information Security Risk Assessment – Asset Analysis
Information Security Risk Assessment – Risks & Controls Worksheet
Information Security Risk Assessment – Vendor Analysis
What Examiners Are Looking For
• Inherent vs Residual Risk
• Evaluation of threats
• Evaluation of controls
• Identification of key controls
• Testing of controls
Information Security Risk Assessment – Controls Analysis
Vendor Management – Regulatory Guidance
• FIL-44-2008 – Guidance for Managing Third Party Risk
  – This guidance outlines the potential risks that may arise from the use of third parties and addresses the following four basic elements of an effective third-party risk management program:
    • Risk assessment
    • Due diligence in selecting a third party
    • Contract structuring and review
    • Oversight
• OCC Bulletin 2013-29 – Third Party Relationships, Risk Management Guidance
• Federal Reserve SR 13-19/CA 13-21 – Guidance on Managing Outsourcing Risk
Vendor Management – Program Review
• Oversight
• New Vendor Selection & Due Diligence
• Ongoing Monitoring & Due Diligence
Vendor Management – Valuation Table
Vendor Management – GLBA Analysis
Vendor Management – Significant Vendor Rating
Vendor Management – Significant Vendor Rating
Vendor Management – Significant Vendor Rating
Vendor Management – Critical Vendor Review
• Risk Assessment
• Strategic Review
• Due Diligence
• Contingency Planning
• Contract Structuring and Review
• Audit Requirements
• Monitoring & Oversight
Vendor Management – User Controls Considerations
Vendor Management – New Vendor Review
• Risk Assessment
• Due Diligence
• Contingency Planning
• Contract Structuring and Review
• Monitoring & Oversight
What Examiners Are Looking For
• Risk assessment and proper due diligence prior to the selection of a vendor
• Consumer protection
  – Risk third party poses regarding consumer complaints
  – UDAAP/Fair Lending risks
• Ensure completion of enhanced due diligence (SSAE16)
• Review and documentation of compliance with User Control Considerations
Vendor Management – Consumer Protection
Online Banking – Regulatory Guidance
• 2005 FFIEC – Authentication in an Internet Banking Environment
  – The 2005 Guidance provided a risk management framework for financial institutions offering Internet-based products and services to their customers.
• 2011 FFIEC – Supplement to Authentication in an Internet Banking Environment
  – The purpose of this Supplement to the 2005 Guidance (Supplement) is to reinforce the Guidance’s risk management framework and update the Agencies’ expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
Online Banking Risk Assessment – Program Review
• Website Review
• Vendor Due Diligence & Suitability
• Contracts & Agreements
• Customer Eligibility & Review
• Risk Assessments
• Account Origination & Customer Verification
• Layered Security Programs
• Effectiveness of Certain Authentication Techniques
• Monitoring & Reporting
• Customer Awareness & Education
Online Banking Risk Assessment – Valuation Table
Online Banking Risk Assessment – Transaction Analysis
Online Banking Risk Assessment – Transaction Analysis
Online Banking Risk Assessment – Transaction Analysis
Online Banking Risk Assessment – Risks & Controls Worksheet
What Examiners Are Looking For
• Consumer protection
  – UDAAP
  – GLBA
• Other considerations
  – Distributed Denial-of-Service (DDoS) Attacks
  – Corporate Account Takeover (CATO)
Business Continuity – Regulatory Guidance
• FFIEC IT Examination Handbook
  – A business impact analysis (BIA) is the first step in the business continuity planning process and should include the:
    • Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis;
    • Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution's business functions and processes;
    • Identification of the legal and regulatory requirements for the institution's business functions and processes;
    • Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution's business functions and processes; and
    • Estimation of recovery time objectives (RTOs), recovery point objectives (RPOs), and recovery of the critical path.
Business Continuity – Business Impact Analysis
Business Continuity – Business Impact Analysis
What Examiners Are Looking For
• Impact to the bank
• Recovery Time Objectives (RTOs)
• Recovery Point Objectives (RPOs)
New Product Assessment – Regulatory Guidance
• OCC Bulletin 2004-20 – Risk Management of New, Expanded, or Modified Bank Products and Services
  – An effective risk management process includes (1) performing adequate due diligence prior to introducing the product, (2) developing and implementing controls and processes to ensure risks are properly measured, monitored, and controlled, and (3) developing and implementing appropriate performance monitoring and review systems
New Product Risk Assessment
• Strategic Review
• Personnel
• Risk Management Review
• Regulatory Compliance
• Information Security
• Vendor Due Diligence
• Business Continuity
• Policies & Procedures
• Reporting
• Performance Monitoring
New Product Risk Assessment
What Examiners Are Looking For
• Risk assessment on all new products/services
• Third Party involvement
• Consumer protection
  – Consumer complaints
  – UDAAP/Fair Lending