Do you support single sign-on?
Today, LexAlign is a stand-alone application. LexAlign would be happy to integrate with the FIS applications that provide banks with a central location for accessing various products. Banks should make that request to FIS.
Why should banks start with the LexAlign Security Module?
Bank deposits aren’t secure unless your bank customers are secure.
We’ve spoken to a number of banks who are interested in the ability to automate ACH audits for their commercial customers.
Security is crucial for all commercial customers but especially those doing RDC, ACH, and Wires.
This is why it’s important to get started with the LexAlign Security Diagnostic, also known as ACH Part 1:
- LexAlign makes the expertise contained in regulatory guidance easily accessible and actionable for commercial customers.
- LexAlign shows them precisely where their operations deviate from what regulators require or recommend for online banking.
- LexAlign empowers commercial customers with actionable information and tailored resources to be the fortified frontline against fraud while automatically demonstrating proactive and effective risk management by the bank.
- LexAlign provides commercial customers with a security policy that regulators expect them to have.
What did Nacha say about the LexAlign Security Module?
In our Nacha conversations, we heard that assessing the customer for IT and information security is a required part of the annual audit. This is not trivial, as it’s gaps in your customers’ security that fraudsters are exploiting in the extraordinary explosion of credit-push fraud, which Nacha has called the now dominant form of ACH fraud.
But here’s the good news: we also heard that the LexAlign Security Diagnostic would satisfy this requirement.
The LexAlign Security Diagnostic enables customers to do a self-assessment against what the Federal Trade Commission recommends as appropriate and prudent practices. Financial regulators defer to the FTC for guidance on business security to address the extraordinary risk of fraud that targets them.
The LexAlign Security Diagnostic was designed to satisfy Part 1 of the ACH audit and addresses Nacha’s call for A New Risk Management Framework for the Era of Credit-Push Fraud by recruiting, sensitizing and empowering the customer as the front layer in the layered approach to security that regulators expect.
How does the LexAlign solution reduce costs?
The LexAlign solution reduces costs by automating the onsite audit function for security and compliance, directly based on the regulators’ stated expectations. This reduces the time it takes to manage customer compliance for commercial customers by up to 90 percent.
How has the adoption of the LexAlign assessment been with commercial customers?
Over the standard six-week automated notification period, we’ve seen banks achieve more than a 70% assessment completion rate from their commercial customers without any manual effort.
Can we tailor the assessment questions to our bank?
The LexAlign solution was developed using regulatory exam manuals and guidance and should be viewed as a standard that applies to all financial institutions. Since LexAlign Assessments are diagnostic interviews rather than questionnaires, there isn’t a defined set of questions that every customer sees. It’s dynamic in the sense that the system delves into issues based on prior answers. Most of the topics we cover are standard, though a small subset is reserved for larger organizations. We scour the regulatory sources and consult with experts to determine the issues the regulators are focused on, and we believe our Assessments are far more comprehensive and granular than the questionnaires banks have historically used. We don’t ask simple high-level questions like “Is your banking computer secure?” because we don’t think they’re meaningful, in part because they presume a level of subject-area expertise that many, if not most, customers don’t have. Instead, we ask factual questions about practices, and our system uses the answers to determine compliance and risk.
Are there any privacy or regulatory concerns with the LexAlign solution?
The LexAlign solution does not collect any PII (personally identifiable information), nor does it contain or use any transactional information, account numbers, or credentials. The information we collect cannot be used to create financial transactions; it concerns only the customer’s operations.
How long is the implementation process for the LexAlign solution?
The typical implementation process for the first LexAlign Diagnostic is 6-8 weeks. The actual length can vary greatly depending on how quickly the bank can complete the prerequisites. Each LexAlign Diagnostic has its own implementation process. LexAlign Diagnostics are typically staggered so that there are at least two to three months between Diagnostics.
How are the 5 levels for the LEXA rating defined?
Each group designates the level of risk a customer poses, based on the operational gaps or other factors it exhibits that regulators discuss in RDC, AML, or fraud risk management. The gaps are risk-weighted according to their prominence in the regulatory guidance or examination manuals, prudential considerations, expert input, and industry feedback. Most customers fall into Groups 2 and 3, with Group 4 the next most common.
- Group 1: Minimal to low risk
- Group 2: Low to moderate risk
- Group 3: Moderate risk
- Group 4: Higher risk
- Group 5: Warrants prompt attention, possibly including disabling the service
What have banks been saying about the LexAlign Security Module?
It’s still early days but the response so far from users, test users, and other institutions has been positive. One of our test users (a bank customer) said in connection with an earlier version of our current Security Diagnostic, “Just going through the questions is opening my eyes to things we need to think about.” A business owner said, “This is great. It’s going to save me money because I don’t need to hire an IT security expert to do an assessment.” An IT manager said, “I’ve been trying to get management to focus on security, and the audit report helps me do that.”
Nacha also said that our Security Diagnostic would satisfy the security audit requirements for the annual ACH audits, so it satisfies two sets of requirements. As described above, the Security Diagnostic is a self-assessment against the practices the Federal Trade Commission recommends as appropriate and prudent, and financial regulators defer to the FTC for guidance on business security. By using the Security Diagnostic you’re helping customers align their operations with the FTC’s authoritative guidance.