Product/Service Risk Assessment

Products and Services Risk Assessment Services

BTG Consultants have extensive experience and knowledge within many compliance areas, which require organizations to maintain internal risk management programs.  Our expertise provides the trusted ability to perform various risk assessments to analyze products and services in place at the organization.  Organizations are able to select the level of support needed to meet risk assessment requirements.  For example, BTG can create and customize a risk assessment for you based on the product/service, or you can select BTG’s maintenance services in which we perform the risk assessment on behalf of the organization and report on the results to management.

Available professional and consulting services include, but are not limited to:

Website Regulatory Compliance Assessments

Websites are an important part of regulatory compliance for the financial institution. Your website needs to have an independent audit that verifies compliance and security. BTG offers a single audit of your website or, to better protect your financial institution, enrollment in our periodic maintenance program. The periodic maintenance program ensures your financial institution will remain in compliance at all times.

BTG will perform a complete audit review on a periodic schedule determined by you. As part of our service, BTG will review any marketing material or revisions your financial institution would like to post to your website prior to publishing to your customers to ensure it meets regulatory requirements. Your own compliance person at your fingertips! BTG also offers website security reviews under our Technology Risk Assessment offering.

A BTG website audit includes the following verification of compliance with federal regulations:

  • Logos
  • Regulation B – Equal Credit Opportunity Act
  • Regulation E – Electronic Funds Transfer Act
  • E-sign – Electronic Signatures
  • Regulation DD – Truth in Savings Act (TISA) – APY
  • Regulation Z – Truth in Lending – APR
  • Regulation C – Home Mortgage Disclosure Act
  • Regulation BB – Community Reinvestment Act
  • Regulation X – Real Estate Settlement Procedures Act
  • Children’s Online Privacy Protection Act
  • Gramm-Leach-Bliley Act – Online Privacy Protection
  • Equal Employment Opportunity Act
  • Health Information Portability and Accountability Act
  • Credit CARD Act
  • Products and Services
  • Variable Rate Account
  • Balance Requirements
  • Non-Deposit Investment Products
  • Loan Products
  • Closed End Credit
  • Open End Credit
  • Home Equity Rules
  • Payment of Overdrafts
  • Website solicitations or Applications for Credit Cards
  • Calculators and Links
  • Web-linking to Third Parties

ADA Website Compliance Assessments

In the past two years, more and more financial institutions have been receiving demand letters alleging that their websites violate Title III of the Americans with Disabilities Act (ADA). Since 2015, ADA Title III lawsuits have risen by 63%, making it no longer reasonable to wait until the Department of Justice finalizes rules and regulations specific to website accessibility.

Website accessibility impacts more than 39 million people in the U.S., and financial institutions must take a proactive approach to ensure their sites meet accessibility standards. Buckley Technology Group provides services to assist financial institutions in meeting these compliance expectations.

Our assessments review websites against current accessibility and usability standards, including:

  • Web Content Accessibility Guidelines (WCAG) 2.0,
  • W3C best practices,
  • the U.S. Department of Health & Human Services (HHS) Usability guidelines, and
  • Readability assessments.

ADA Website Compliance Assessment reports provide clear and actionable recommendations to assist the financial institution and/or their website hosting, design, or development service provider(s) in remediating issues to ensure the websites can accommodate users with diverse abilities.

Technology Risk Assessment

Financial institutions are becoming more and more reliant on third-party solutions and technology to perform day-to-day operations. With this reliance on outsourced technology come increasing risks of data loss or breach and of unavailable services due to third-party downtime, just to name a few!

BTG will assist financial institutions in identifying vulnerabilities and threats to their IT assets and assist in the completion of Technology Risk Assessments. Give your IT department the tools and resources that it needs to accurately manage information systems risk.

BTG Technology Risk Assessment Services include:

  • Identification and classification of IT assets including hardware, software, hosted services, and internet applications
  • Review of Technology Risk Assessments and risk ratings
  • Ongoing employee training on the technology risk assessment process
  • Annual reporting to executive management to ensure the technology risk assessment processes are monitored by key management

Social Media Audits

Financial institutions use social media to enhance communications to the communities they serve, which can impact the financial institution’s risk profile. The increased risks can include the risk of harm to consumers, compliance and legal risk, operational risk, and reputation risk. Increased risk can arise from a variety of directions, including poor due diligence, oversight, or control on the part of the financial institution. BTG will perform a Social Media Risk Assessment for financial institutions to help identify potential risk areas to appropriately address, as well as to ensure institutions are aware of their responsibilities to oversee and control these risks within their overall risk management program.

BTG Social Media Audits include:

  • Review of social media websites utilized by the financial institution and telephone interviews with applicable staff
  • Review of existing policies and procedures to ensure identification and inclusion of responsibilities, controls, alignment with strategic plan and initiatives, regulatory compliance, due diligence, and staff resources and training
  • Identify existing vulnerabilities that represent business risks and/or liabilities
  • Report of results including findings and “Best Practices” recommendations to mitigate identified risks