Risk Management Services
A reactive approach to risk management can make you feel like you’re always under fire. But when it comes to keeping your company and your data secure, we prefer to go on the offensive, and we’ve been helping our clients do just that for more than 25 years.
Got questions? We can help.
No matter what’s happening in the financial world or in the world-world, we’re here to make your life easier. Let’s talk.
Enterprise Risk Management (ERM)
The world of banking is turbulent and fraught with complex regulatory challenges coming at you from all sides. Stop treating your bank like a leaky ship – frantically patching holes on the fly. It’s time to take a big picture look at your institution and develop a whole-bank framework to avoid loss and address emerging risks before they become leaks that need patching. You know the waters can get rough – so make sure your bank is sea-worthy.
Loan Review & Credit Services
Managing a credit portfolio is two-fold: portfolio management and risk avoidance. DD&F’s Credit Management services provide assistance by reviewing your commercial and consumer portfolios, analyzing lending concentrations, stress testing your portfolio and providing guidance in overall portfolio management. DD&F’s Loan Review services help you avoid icebergs well before you’re on top of them by reviewing loan underwriting, credit administration and identifying loan deficiencies.
Read More →
Asset and Liability Management
Don’t juggle your asset liability management needs alone. Let us help you monitor potential exposures, limit risks and meet regulatory requirements. We review your bank’s interest rate and/or liquidity management program by assessing both the adequacy of oversight processes and practices, and the use of IRR models. We can also evaluate the sufficiency of liquidity and funds management practices, and the establishment of acceptable contingency funding plans.
Consumer Compliance Services
Staying on top of consumer compliance is an industry challenge. With harsh penalties for noncompliance, you can’t afford to drop the ball. DD&F helps by performing comprehensive reviews that assess the effectiveness of your compliance management. We make recommendations for enhancing processes, procedures, internal controls and training. We also offer a wide range of reviews and assessments, including Consumer Loan and Deposit Reviews, CRA and HMDA Data Verifications or Data Scrubs, CRA Performance Evaluations and Fair Lending Assessments.
IT Audit & Strategic Planning
IT audits and the qualifications of those performing them continues to be a hot button for regulators. Don’t trust just anybody. DD&F has the knowledge, scope and expertise to identity, address, and resolve information technology risk while meeting the necessary regulatory requirements. Our reviews assess the full spectrum of IT risk including management oversight activities, information security practices, business continuity planning, vendor management practices, electronic banking activities, and general IT operations. We can also help evaluate your current technology and plan for future needs based around the organization’s strategic initiatives.
Bank Secrecy Act
Bank Secrecy Act (BSA) compliance continues to be highly scrutinized by the various regulatory agencies. Examiners pay particular attention to the scope, frequency and quality of a bank’s BSA audit program, and the independence and qualifications of its auditors. We conduct comprehensive reviews to ensure your BSA program and compliance efforts are consistent with regulatory guidelines.
Internal Audit
Internal audits are a fundamental component of a risk management program and are continually assessed for adequacy by examiners. DD&F has the flexibility to provide customized risk assessment and internal audit services based on your size, complexity and risk profile. We can help you develop an Internal Audit Program or hone in on specific practices with Trust Audits, Audit Risk Assessments, Enterprise Risk Assessments and Automated Clearinghouse (ACH) Audit.
Vulnerability Assessment
DD&F provides internal and external vulnerability assessments that are designed to detect technical weaknesses that could result in unauthorized access to the network and to confidential or sensitive data. Our professionals can detect these weaknesses and assist your institution in taking corrective actions in a cost-effective manner.
Network Penetration Testing
Take your security testing to the next level! Utilizing the Penetration Testing Execution Standard (PTES), DD&F scans external facing systems and devices to detect any technical weaknesses, and then attempts to exploit these weaknesses. This allows us to discover potential methods a bad actor could use to attack and disrupt your systems.
Social Engineering
The bad guys will stop at nothing to get at your confidential information, and the social engineering tactics employed today are increasingly clever and deceptive. Regulators are well aware of the risks and expect you to be addressing them. Let DD&F help you conduct phishing testing along with training for your staff, so this potential point of entry remains closed.
Information & Cybersecurity Program
The security of information has never been more in jeopardy. Take every measure to safeguard your data by implementing a top-notch information and cybersecurity program with the help of DD&F. We help assess risks, set up protective measures, and provide guidance on information/cybersecurity risk mitigation and response, including assistance with development of a comprehensive Incident Management Program.
Business Continuity Planning
Setting up a solid business continuity program is important for regulatory oversight, but it’s also time-consuming, frustrating and a daunting task for bank personnel. DD&F’s business continuity program meets the FFIEC IT requirements and includes a business impact analysis, disaster risk assessment, emergency response plan, pandemic plan, bank-wide business and disaster recovery plan, and contingency plans for specific bank departments. We can also facilitate tabletop testing of the plan with a detailed report of the results and implications.
Risk-Specific Training
The security of your organization relies on your risk-management programs and the preparedness of your staff. Make sure the programs are in place, but don’t overlook the training. We offer both on and off-site training formats customizable to your needs in areas such as Cybersecurity, Social Media, Corporate Account Takeover (CATO), Emergency Response, Incident Response, Identity Theft and Information Security Programs and Policies.
Policies & Risk Assessments
Incomplete policies and procedures can negatively impact your bank’s asset quality, compliance, security and even your customer service. We can help ensure things are up to date and complete with our policy review and development processes. We also conduct various risk assessments to expose weaknesses and help you implement an in-depth risk management program to mitigate potential exposures.
Read More →
Vendor Management
DD&F’s experienced consultants will perform an annual risk assessment of each vendor to evaluate the bank’s level of exposure, investment and dependency, assigning a risk rating to each vendor. Additional scrutiny is given to higher-risk vendors analyzing vendor performance, consumer protection compliance, contract content, financial stability, internal controls and business continuity planning.
Regulatory Assistance with Exam Issues
Despite all your best efforts, regulatory exam findings may require that you take additional action. DD&F has extensive experience working with all supervisory agencies and has proven highly effective in helping organizations overcome problem areas to the satisfaction of examiners. We help you get back on solid footing.