Why am I unable to access the demo site from the invitation email I received?

This typically happens when the email goes to your spam folder and you are trying to access the link within it. First, move the email to your inbox, where it will be treated as a trusted email. You will then be able to click the link in the email to access the demo site.


Can a customer go backwards while doing their assessment?

Because the diagnostic interviews are dynamic, meaning that the questions you see depend on how you answered (or did not answer) prior questions, the system won’t let you go backwards. The customer has several options: cancel and restart an Assessment before completing it; finish the Assessment and indicate Remediation for any relevant issue (this will update both the information and scoring that the Bank sees); or simply redo the Assessment. We have rarely seen any Customer complain about having made mistakes, and in the couple of times it did happen, it related to an earlier section. When it has happened, we recommend bank staff tell the Customer that any mistakes will be noted and encourage them to use the Remediation feature to update information, and then make a note on the Customer’s page for that Diagnostic in the Dashboard.


Where do the questions for the RDC Assessment come from?

The questions are all derived from regulatory exam manuals and guidance, reflecting regulator expectations.

Here is a list of the authoritative sources used by LexAlign.

Item Source
A Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual (2020) (Link)
B Federal Deposit Insurance Corporation (FDIC) Supervisory Insights: “Remote Deposit Capture: A Primer,” Last updated June 29, 2009 (Link)
C FDIC FIL–4–2009, “Risk Management of Remote Deposit Capture,” January 14, 2009 (Link) (attaching FFIEC guidance: Link)
D FFIEC Supplement to Authentication in an Internet Banking Environment, June 2011 (Link)
E FFIEC Authentication in an Internet Banking Environment, October 2005 (Link)
F Board of Governors of the Federal Reserve System: “Availability of Funds and Collection of Checks,” Summary & Final Rule amending Reg CC, 12 CFR Part 229, Federal Register, 82 FR 27552ff (June 15, 2017) (Link)
G Federal Trade Commission Guidance: “FTC Safeguards Rule: What Your Business Needs to Know” (May 2022) under the Gramm-Leach-Bliley (GLB) Act and related regulations in 16 CFR Part 314 (“Standards for Safeguarding Customer Information”) (Link)

 


What is the LexAlign diagnostic assessment?

LexAlign automates the onsite audit function using a sophisticated diagnostic assessment. LexAlign replaces the manual questionnaire process most widely used today.  

The LexAlign diagnostic assessment derives directly and transparently from regulatory guidance (in the form of exam manuals, institution letters, bulletins, supervisory highlights, summaries to rule changes, etc.), so that what is measured (and risk rated) are customer operational deviations from those official expectations.  In effect, LexAlign makes expert guidance accessible in a targeted way to the persons actually conducting the activities.

When a customer completes the LexAlign diagnostic assessment, they have immediate access to an audit report with gap analysis and action plan that explains their risk factors and how to remediate them.  This empowers the customer to manage their own operational risks.


Can a bank ONLY purchase the RDC module?

The LexAlign solution is sold as a bundle and includes all LexAlign modules.

The LexAlign Security module was created as a standalone module for these reasons:

  • It applies to all treasury customers, not just RDC.
  • The person completing the Security Assessment is typically different from the person completing the RDC Assessment.
  • The Security Assessment is also considered to be ACH Part 1, the natural starting point for ACH operational risk management.

In what order should banks launch the LexAlign Diagnostics?

If the bank is primarily focused on RDC, they should launch the LexAlign Diagnostic for RDC first. We suggest launching the LexAlign Diagnostic for Security for each Cohort a minimum of 6 weeks after RDC.

If the bank is primarily focused on ACH Originators, they would launch the LexAlign Diagnostic for Security first (we call it ACH Part 1: Security).


How does LexAlign reduce the labor burden of managing customer compliance associated with high-risk highly regulated activities like remote check deposits and ACH?

We do this by automating the onsite audit function for customer compliance, which reduces the time it takes to manage commercial customers by up to 90 percent.


How does the LexAlign Security Module fit in Nacha’s call for a New Risk Management framework in the Era of Credit-Push Fraud?

Fraudsters are exploiting security gaps in banks’ operations to access their deposit accounts. It’s called “Credit-Push Fraud” and it’s exploding.

LexAlign is designed to recruit bank customers to be the front layer in their layered security approach against fraud. After all, as Jane Larimer, President and CEO of Nacha said:

“All participants in the payment system, whether the ACH Network or elsewhere, have roles to play in working together to combat fraud.”

We recently met with Nacha’s senior network risk officer to discuss the scope of our forthcoming ACH Diagnostic and demoed our Security Diagnostic as it’s directly on point and responsive to Nacha’s call for A New Risk Management Framework for the Era of Credit-Push Fraud, which they say is now the greatest source of fraud loss across payment channels.

The LexAlign Security Diagnostic meets that call.

Credit-Push fraud works with startling success because customers have unaddressed vulnerabilities that make them susceptible to business email compromise and account takeover. LexAlign sensitizes them to the risks and responsibilities, alerts them to their particular vulnerabilities, and equips them in a uniquely effective way to improve their security and staff awareness, while automatically providing the bank with records demonstrating superior oversight and support in alignment with regulators’ stated expectations.

