Sales FAQs
Please explore the content below to answer questions relating to selling the LexAlign solution.
LexAlign automates the onsite audit function using a sophisticated diagnostic assessment. LexAlign replaces the manual questionnaire process most widely used today.
The LexAlign diagnostic assessment derives directly and transparently from regulatory guidance (in the form of exam manuals, institution letters, bulletins, supervisory highlights, summaries to rule changes, etc.), so that what is measured (and risk rated) are customer operational deviations from those official expectations. In effect, LexAlign makes expert guidance accessible in a targeted way to the persons actually conducting the activities.
When a customer completes the LexAlign diagnostic assessment, they have immediate access to an audit report with gap analysis and action plan that explains their risk factors and how to remediate them. This empowers the customer to manage their own operational risks.
The questions are all derived from regulatory exam manuals and guidance, reflecting regulator expectations.
Here is a list of the authoritative sources used by LexAlign.
Item | Source |
---|---|
A | Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual (2020) (Link) |
B | Federal Deposit Insurance Corporation (FDIC) Supervisory Insights: “Remote Deposit Capture: A Primer,” Last updated June 29, 2009 (Link) |
C | FDIC FIL–4–2009, “Risk Management of Remote Deposit Capture,” January 14, 2009 (Link) (attaching FFIEC guidance: Link) |
D | FFIEC Supplement to Authentication in an Internet Banking Environment, June 2011 (Link) |
E | FFIEC Authentication in an Internet Banking Environment, October 2005 (Link) |
F | Board of Governors of the Federal Reserve System: “Availability of Funds and Collection of Checks,” Summary & Final Rule amending Reg CC, 12 CFR Part 229, Federal Register, 82 FR 27552ff (June 15, 2017) (Link) |
G | Federal Trade Commission Guidance: “FTC Safeguards Rule: What Your Business Needs to Know” (May 2022) under the Gramm-Leach-Bliley (GLB) Act and related regulations in 16 CFR Part 314 (“Standards for Safeguarding Customer Information”) (Link) |
Because the diagnostic interviews are dynamic, meaning that the questions you see depend on how you did and/or did not answer prior questions, the system won’t let you go backwards. The customer has various options: cancel and restart an Assessment before completing it; finish the Assessment and indicate Remediation for any relevant issue (this will update both the information and scoring that the Bank sees); or simply re-do the Assessment. We have rarely seen any Customer complain about having made mistakes, and in the couple of times it did happen, it related to an earlier section. When it has happened, we recommend bank staff tell the Customer that any mistakes will be noted and encourage them to use the Remediation feature to update information, and then make a note on the Customer’s page for that Diagnostic in the Dashboard.
This typically happens when the email goes to your spam folder and you are trying to access the link within it. First move the email to your inbox where it will be seen as a trusted email. You will then be able to click on the link within the email to access the demo site.
That’s a question we often get, and the answer is that it’s up to the bank. Typically, we recommend thinking about locations. If the customer has multiple accounts but all are handled out of one office, then one LexAlign account (meaning one assessment) for that customer is likely sufficient. If, however, the customer has multiple locations, and each location has a scanner and uses RDC, then you might want to assess them separately as their practices might vary from location to location.
The RDC and Security modules are sold as a bundle. A Security assessment is a required component to create a complete solution for RDC.
The LexAlign Security module was created as a standalone module for these reasons:
- It applies to all treasury customers, not just RDC.
- The person completing the Security Assessment is typically different than the person completing the RDC Assessment.
- The Security Assessment is also considered to be ACH Part 1, the natural starting point for ACH operational risk management.
The LexAlign solution is a much better experience for customers: they see immediate benefits, as opposed to the alternative approaches. The LexAlign solution empowers customers to recognize and manage their operational risks. The typical completion time for each LexAlign Assessment is around 30 minutes. Requiring customers to spend 30 minutes per year to complete an Assessment is not unreasonable.
Please check your spam folder. If the email invitation is not in your spam folder, please let us know and we will resend it.
LexAlign does a number of things to ensure emails are delivered to bank customers and can be trusted. Most of these are easily configured in the LexAlign Control Panel.
- We use a sub-domain of the bank’s domain such as “lexalign.bankname.com”. LexAlign provisions this sub-domain based on the name the bank wants to use. When we provision the domain, we provide DNS (Domain Name System) information to the bank so that their IT department can add these records to their DNS. This lets email servers know that the email is authorized by the bank’s domain.
- We use a “Sender name” that matches what bank customers are used to seeing.
- We use a “reply to” email address that matches what bank customers are used to seeing.
- We include a link in the emails to a frequently asked questions page that lives on the bank’s website.
- We use the bank’s email footer as another item that bank customers will recognize to help them trust the email.
In addition to the above, prior to the launch of LexAlign, the bank will send an email through their normal delivery letting their customers know that they are using a new system for their annual audit process and to expect emails from LexAlign.
It’s still early days but the response so far from users, test users, and other institutions has been positive. One of our test users (a bank customer) said in connection with an earlier version of our current Security Diagnostic, “Just going through the questions is opening my eyes to things we need to think about.” A business owner said, “This is great. It’s going to save me money because I don’t need to hire an IT security expert to do an assessment.” An IT manager said, “I’ve been trying to get management to focus on security, and the audit report helps me do that.”
Nacha also said that our Security Diagnostic would satisfy the security audit requirements for the annual ACH audits, so it satisfies two sets of requirements. In general, the LexAlign Security Diagnostic enables customers to do a self-assessment against what the Federal Trade Commission recommends as appropriate and prudent practices. Financial regulators defer to the FTC for guidance on business security to address the extraordinary risk of fraud that targets them. By using the Security Diagnostic you’re helping customers align their operations with the FTC’s authoritative guidance.
The use case for LexAlign is listed as approved in the FIS system for a reseller relationship where no personal data is shared with the vendor (Tier 3).
The LexAlign solution is accessible through secure online sites for both the Customer Dashboard and the Bank Dashboard.
Each group designates the level of risk a customer poses, based on exhibiting operational gaps or other factors that (in each case) regulators discuss in RDC, AML, or fraud risk management. The gaps are risk weighted according to their prominence in the regulatory guidance or examination manuals, prudential considerations, expert input, and industry feedback. Most customers end up between Groups 2 and 3, followed by Group 4.
- Group 1: Minimal to low risk
- Group 2: Low to moderate risk
- Group 3: Moderate risk
- Group 4: Higher risk
- Group 5: Warrants prompt attention, possibly including disabling the service
Banks typically use a one-size-fits-all questionnaire and use their staff to email it to customers and hound them to complete it. These questionnaires offer no value to the customer. With the continued rise in fraud and customer mistakes, it is clear this method is ineffective.
LexAlign Diagnostics are based on regulatory guidance and industry expertise. This is hard for customers to do themselves because the information is multi-sourced, and it is hard to know if you’ve found all of the important components.
About 70 percent of customers complete the assessments just with the automated emails that we send based on the content that is configured and approved by the bank. Typically, cases where the assessment is not completed are related to the wrong person being invited to do the assessment or to a bad email address for the customer.
We use a SaaS subscription model based on the number of seats required. Each of our Diagnostic Modules on each customer dashboard is a seat license.
We don’t look at any financial transactions. There are plenty of solutions available that do that, and we are complementary to them. Our solution creates a unique data set that measures customer operational risk.
Fraud risk management is part of operational risk management under the federal scheme. Operational risk not only includes fraud but also customer mistakes and AML.
There are lots of solutions available to financial institutions for transaction monitoring, KYC, and public source information but there has been no effective way to do a proactive and effective assessment of customer operational risk and empower frontline fraud defense until LexAlign.
The typical implementation process for the first LexAlign Diagnostic is 6-8 weeks. The actual length can vary greatly depending on how quickly the bank can complete the prerequisites. Each LexAlign Diagnostic has its own implementation process. LexAlign Diagnostics are typically staggered so that there are at least two to three months between Diagnostics.
The LexAlign solution does not collect any PII (personally identifiable information), nor does it contain or use any transactional information, account numbers, or credentials. The information we collect cannot be used to create financial transactions. The information we collect is only about customer operations.
Yes, the Security for Electronic Banking can apply to all treasury customers. It can be used for commercial customer on-boarding as well as ACH Part 1.
When they exceed their tier, they pay a per-customer fee for all customers over the tier until their next contract cycle, when they can move to a higher tier and get the benefit of a reduced price per customer.
Pricing is based on the number of treasury customers and the LexAlign Diagnostics used. The number of customers is based on a tier. For example, if a client has 850 customers, they would be in the 1000 tier, which defines the LexAlign Diagnostics price per customer. The higher the tier, the lower the fee per customer for each LexAlign Diagnostic.
No, the LexAlign solution is a separate web-based application. Any bank can use LexAlign, regardless of who they use for their core.
It is cloud-based.
The LexAlign solution was developed using regulatory exam manuals and guidance and should be viewed as a standard that applies to all financial institutions. Since LexAlign Assessments are diagnostic interviews, rather than questionnaires, there isn’t a defined set of questions that every customer sees. It’s dynamic in the sense that the system delves into issues based on prior answers. However, there are topics we cover that for the most part are standard, though a small subset are reserved for larger organizations. We scour the regulatory sources and consult with experts to determine the issues the regulators are focused on, and we believe our Assessments are far more comprehensive and granular than questionnaires that banks have historically used. We don’t ask simple high-level questions like “Is your banking computer secure?” because we don’t think they’re meaningful, in part because they presume a level of subject area expertise that we don’t think many, if not most customers have. Instead, we ask factual questions about practices that our system then uses to determine compliance and risk.
Over the standard six-week automated notification period, we’ve seen banks achieve more than a 70% assessment completion rate from their commercial customers without any manual effort.
Abrigo Due Diligence Manager primarily focuses on streamlining the customer onboarding process. It can also make the one-size-fits-all audit questionnaires web-based instead of emailing them and replaces a small part of the manual process.
LexAlign is a next-generation solution that transforms the compliance assessment and management process and automates it completely. The LexAlign solution empowers customers to manage their risk.
- What are you doing to cut costs and improve your operational efficiency?
- How are you managing the pressure to reduce the labor burden of auditing and achieving customer compliance for treasury services like RDC?
- Many of our clients tell us they are doing all they can to manage customer compliance, and yet losses from fraud and customer mistakes continue. What are you doing to manage customer compliance for treasury services like RDC?
- Many of our clients have initiatives to improve back office efficiency ratios this year. Can you tell me what yours are focused on?
- If you could reduce the time spent on customer compliance audits from hours to minutes, how would that help you and your organization?
- If you could empower your customers with a self-audit and tailored information on where they have gaps and how to remedy those gaps, how would that help you and your organization?
- Do you know what percentage of your customers follow best practices and regulator insights?
- Do you know how many of your customers might be inactive because they have RDC scanner issues?
We do this by automating the onsite audit function for customer compliance which reduces the time it takes to manage commercial customers by up to 90 percent.
The LexAlign solution reduces costs by automating the onsite audit function for security and compliance, directly based on the regulators’ stated expectations. This reduces the time it takes to manage customer compliance for commercial customers by up to 90 percent.
In our Nacha conversations, we heard that assessing the customer for IT and information security is a required part of the annual audit. This is not trivial, as it’s gaps in your customers’ security that fraudsters are exploiting in the extraordinary explosion of credit-push fraud, which Nacha has called the now dominant form of ACH fraud.
But here’s the good news: we also heard that the LexAlign Security Diagnostic would satisfy this requirement.
The LexAlign Security Diagnostic enables customers to do a self-assessment against what the Federal Trade Commission recommends as appropriate and prudent practices. Financial regulators defer to the FTC for guidance on business security to address the extraordinary risk of fraud that targets them.
The LexAlign Security Diagnostic was designed to satisfy Part 1 of the ACH audit and addresses Nacha’s call for A New Risk Management Framework for the Era of Credit-Push Fraud by recruiting, sensitizing and empowering the customer as the front layer in the layered approach to security that regulators expect.
Bank deposits aren’t secure unless your bank customers are secure.
We’ve spoken to a number of banks who are interested in the ability to automate ACH audits for their commercial customers.
Security is crucial for all commercial customers but especially those doing RDC, ACH, and Wires.
This is why it’s important to get started with the LexAlign Security Diagnostic, also known as ACH Part 1:
- LexAlign makes the expertise contained in regulatory guidance easily accessible and actionable for commercial customers.
- LexAlign shows them precisely where their operations deviate from what regulators require or recommend for online banking.
- LexAlign empowers commercial customers with actionable information and tailored resources to be the fortified frontline against fraud while automatically demonstrating proactive and effective risk management by the bank.
- LexAlign provides commercial customers with a security policy that regulators expect them to have.
Fraudsters are exploiting security gaps in banks’ operations to access their deposit accounts. It’s called “credit-push fraud” and it’s exploding.
LexAlign is designed to recruit bank customers to be the front layer in their layered security approach against fraud. After all, as Jane Larimer, President and CEO of Nacha, said:
“All participants in the payment system, whether the ACH Network or elsewhere, have roles to play in working together to combat fraud.”
We recently met with Nacha’s senior network risk officer to discuss the scope of our forthcoming ACH Diagnostic and demoed our Security Diagnostic as it’s directly on point and responsive to Nacha’s call for A New Risk Management Framework for the Era of Credit-Push Fraud, which they say is now the greatest source of fraud loss across payment channels.
The LexAlign Security Diagnostic meets that call.
Credit-push fraud works with startling success because customers have unaddressed vulnerabilities that make them susceptible to business email compromise and account takeover. LexAlign sensitizes them to the risks and responsibilities, alerts them to their particular vulnerabilities, and equips them in a uniquely effective way to improve their security and staff awareness, while automatically providing the bank with records demonstrating superior oversight and support in alignment with regulators’ stated expectations.
Today, LexAlign is a stand-alone application. LexAlign would be happy to integrate with the FIS applications that provide banks with a central location for accessing various products. Banks should make that request to FIS.
LexAlign was created from the realization that the expertise business customers need to understand the rules, risks, and responsibilities that apply to their activities is locked up in the bank and not accessible to the customer, leaving them open to mistakes and fraudsters.
Part 2 of the annual ACH audit assesses and helps the customer with adherence to the Rules on, among other things, the appropriate use of SEC (Standard Entry Class) codes, transaction accuracy, and third-party notices, authorizations, and cancellations.
Start with Security
We recommend starting with Part 1 to help customers defend against credit-push fraud. In addition to helping the customers identify and remediate gaps, the LexAlign Security Module also furnishes the customer with a customized Security Policy as required under the Rules in case they don’t have one.
LexAlign solves remote operations risk management. We automate and enhance the process most treasury groups go through for their annual customer compliance audit. Using legacy methods, if you are growing your commercial customer base, it is only a matter of time before you are cited for inadequate risk management.
To address an explosion in payments fraud and heightened regulatory focus, our solution revolutionizes your customer compliance audits to meet regulator expectations. Our solution automatically creates the records that demonstrate risk management and empowers your commercial customers to identify and mitigate their operational risks with remote check deposits, ACH, and Wires. We fortify the frontline against fraud.
The LexAlign solution automates the onsite audit function for banks’ commercial customers that use treasury products like remote check deposits, ACH, and Wires.
Sounds simple but what does this mean?
As Tracey Jackson, SVP Treasury Services Manager at Southern Bank & Trust, said, “Last year, when I had 680 RDC customers, my auditor told me that I had 680 bank branches. We gave up trying to do on-site compliance audits years ago—it’s just not possible given the staff time it takes. Now we have 750 RDC customers and I need a better solution.”
Regulators hold the bank responsible for ensuring their customers comply with regulatory guidelines covering security, RDC, ACH, and Wire processes. If your client hasn’t yet been cited, it could happen at the next audit, as FFIEC expectations are rising to confront exploding fraud.
Performing audits at customer sites is just not feasible at scale given the related costs. There is growing recognition that using one-size-fits-all questionnaires is also incredibly laborious and largely ineffective. Why is this?
The bank customer sees no value in returning the questionnaire as there is nothing in it for them. So, while their banking agreement requires the completion of annual audits, they have little motivation, and almost no jeopardy when they don’t do them.
Why is this important?
Despite the efforts of the bank:
- Fraud continues to rise exponentially as fraudsters target the gaps in customer operations and sophistication.
- Fraudsters no longer need to break into the bank, they just manipulate the customer to get access to their deposit accounts.
- The bank is left with the dismal choice of reimbursing their customers’ fraud losses or risking lawsuits and serious reputational harm.
So, how does LexAlign help?
By automating the on-site audit function and providing immediate value for the bank customer, the LexAlign solution is able to attain a greater than 70% assessment completion rate. The LexAlign assessment is a great online experience for the customer. Not only is it an intuitive user interface but the customer gets real value by completing the assessments.
Banks get access to a dashboard that gives them visibility into the activities of their customers while providing the records that demonstrate risk management—exactly what the regulators are looking for. By using the LexAlign solution, banks can lower their costs, improve their operational efficiency ratios, and provide the records regulators expect.
About the FIS/LexAlign Partnership
FIS has a reseller agreement with LexAlign. FIS sells, implements & supports the LexAlign solution. FIS gets top line revenue. We have reference clients including HRZ client Provident Bank ($14B) and we are in the process of implementing the first client sold on FIS paper, IBS client Forbright Bank ($6B). The solution is core agnostic, available for all FIS clients, and requires no integration. Adding LexAlign is just a two-page addendum to the client’s existing FIS agreement. Your go-to FIS person about the LexAlign relationship is Bob Turner.
Early Adopter Program
The purpose of the Early Adopter Program is to allow FIS clients to lock in great savings on the LexAlign solution without requiring immediate implementation, giving them time to add it to their 2024 budget.
- Clients are offered a significant discount.
- Contract must be signed by 12/31/2023.
- Implementation does not have to occur until as late as 9/30/2024.
- Billing does not start until the first diagnostic is implemented or 10/1/2024, whichever comes first.
LexAlign Bank Targets
- Auditor/Regulator Finding: The bank has had regulatory or audit findings for inadequate remote operations risk management (in particular, relating to RDC, ACH or Wires, or related fraud) and needs to respond quickly.
- Rapid Growth in their Treasury Account Base: Banks facing a merger or other rapid growth in their treasury account base. Such banks confront the non-scalability of legacy manual processes most acutely. A LexAlign client contending with a threefold increase in RDC customer count due to a merger recently said “it would have been a nightmare without LexAlign.”
- Banks Facing Heightened Regulatory Oversight: Banks can face growing regulatory oversight for a number of reasons.
  - Banks at or nearing the $10B in assets threshold.
  - Banks engaged in BaaS or other perceived high-risk activities.
  - Community banks growing into Regional banks.
  - Banks moving from a State to a Federal charter.
Here’s some of what we’ve heard at the 2023 FIS Emerald conference:
- “We can see the value of LexAlign because the regulators are expecting more. We like the intuitive nature of the assessment questions.” —COO, large community bank in Indiana.
- “This captures everything. It shows a due diligence paper trail and covers us from a regulatory standpoint.” —SVP Treasury Services, large community bank in North Carolina.
- “I like that it will reduce staffing.” —Director of Treasury Services, large community bank in Texas.