Compliance with the complex and evolving regulatory and legislative requirements is top-of-mind for credit unions of all sizes. Symitar maintains a strict corporate commitment to proactively address compliance issues and implement all requirements imposed by the federal credit union regulators prior to the effective date.
Symitar’s comprehensive compliance program is provided by a team of compliance analysts and auditors that possess extensive regulatory agency and financial institution experience, and a thorough working knowledge of Symitar and its solutions. These compliance professionals leverage multiple channels to remain informed about potential and recently enacted regulatory requirements, including subscriptions to related magazines, Web sites, and newsletters; regular contact and discussions on emerging topics with the FFIEC examination team and the examiner-in-charge; and training sessions sponsored by various professional associations.
Symitar has developed a proven process to inform internal contacts of new and revised regulatory requirements. Upcoming regulatory changes also are presented to Symitar’s product-specific Change Control Boards and the necessary product changes are included in the ongoing product development cycle. A representative of Symitar’s compliance organization serves on every Change Control Board to ensure that the regulatory perspective is addressed in all proposed product/service changes.
Periodically, customer advisory groups are assembled to discuss significant regulatory changes, such as the USA Patriot Act. These advisory groups validate Symitar’s interpretation of complex regulations and ensure the proposed product/service changes address the inherent impact on financial institutions.
Internal audits of all Symitar systems, networks, operations, and applications are conducted; and highly specialized outside firms are periodically engaged to perform testing and validation of its systems, processes, and security. The internal audit process includes verification of Symitar’s contractual commitment to comply with the provisions of the Gramm Leach Bliley Act. Ensuring that confidential information remains private is a high priority within the organization, and Symitar’s initiatives to protect confidential information include regular third-party application reviews intended to better secure information access. Additional third-party reviews are performed throughout the organization, such as vulnerability tests, intrusion tests, and SAS 70 reviews. The FFIEC conducts annual reviews throughout all of Jack Henry & Associates and issues reports that are reviewed by the Jack Henry Audit Committee. These FFIEC reports can only be distributed by the FFIEC and Symitar is prohibited by regulation from sharing information from the examinations.