Credit Union Risk Management… CUNA Mutual Benchmarking Team

Credit Union Risk Management… CUNA Mutual Benchmarking Team - 2007
United Kingdom 2007 Credit Union Risk Management… “Is the method of management we use to identify, measure, and control risks that might threaten the international credit union movement, its members, employees, and volunteers!” Presented by: CUNA Mutual Benchmarking Team RMLearningCenter.com

Very Good! Let’s Review! RMLearningCenter.com

Tips for public speaking:
Know your audience wants and interests. Control your topic & promotions It’s not only numbers that count Conference breakout vs. fireside chats? Learn from experience, teach by examples! Set the tone and expectations early… Read chapter IV… RMLearningCenter.com

Outline Benefits: Features tell and benefits sell…
Encourage audience participation, but Control it! Be honest and admit what you don’t know.. Focus on “best practices” it reinforces good behavior and avoids a focus on negatives that only foster defensive attitudes! Keep it simple and down-to-earth… RMLearningCenter.com

UK CU’s are Normal: They don’t think it will happen to them..
They’re prone to ½ life and cynical attitudes that ignore reality. They want to be liked.. They’re real focus is on family and personal survival.. They prefer to be heard and not told… RMLearningCenter.com

The benefits from this session are many! We’ll discuss…
Risk Management fundamentals, The status of RM projects in the UK, Fidelity bond risk’ controls recommended for UK credit unions (To safeguard against Burglaries, Robberies, Frauds, Forgeries, Embezzlements, Scams, Plastic Card Fraud, Liability, etc.) The latest criminal “Methods of Operation” (MOs) in the UK, and we’ll update your… RMLearningCenter.com

Creating controllable crime scenes, Creating defendable zones,
Session Benefits at a Glance – Continued.. We’ll help you update your RM Strategic Action Plans for… Creating controllable crime scenes, Creating defendable zones, Integrating security systems, and Adopting “Crime Prevention Through Environmental Design” principles into your facility management program, and… RMLearningCenter.com

Session Benefits at a Glance – Continued
Session Benefits at a Glance – Continued.. We’ll help you update your RM Strategic Action Plans for… Developing Best Practices’ RM training for employees, staff and volunteers, Developing public-to-private partnerships with law enforcement, fire fighters, emergency government’ and homeland security’ personnel, and we’ll introduce 2007 Strategic Action Plans for… RMLearningCenter.com

Deploying an “Incident Command and Control at the CU Chapter level,”
Session Benefits at a Glance – Continued.. We’ll introduce 2007 Strategic Action Plans for… Developing a “Credit Union’ Incident Command and Control System” in 2007, Deploying an “Incident Command and Control at the CU Chapter level,” Updating credit union’ housing-in-place and evacuation protocols! And, We’ll discuss any risk that threatens the UK credit union movement! RMLearningCenter.com

Is our credit union part of any “branch banking” network?
Session Benefits at a Glance – Continued.. “We’ll use case studies to highlight what the crooks are doing and what we need to do to catch them!” For example… Is our credit union and chapter ready for the next natural disaster, terrorist attack, or pandemic? Is our credit union part of any “branch banking” network? What changes should we have made in your contingency, business continuity, and management succession plans since ? RMLearningCenter.com

Session Benefits at a Glance – Continued
Session Benefits at a Glance – Continued.. “We’ll use case studies to highlight what the crooks are doing and what we need to do to catch them!” For example… We know crooks are learning to use the internet to recruit and train. Are we? You’ll learn how to “reverse trace” and authenticate transactions, and how to analyze a written statement or internet scam. You’ll learn how to manage concentrated risks and exposures to reduce looting, burglaries, robberies, and frauds during and after natural disasters, terrorist attacks, or a pandemic. RMLearningCenter.com

Evolution Of RM and CU Movement - continued
1960s Robbery and burglary 1970s Forgery and check fraud 1980s Embezzlement and disasters 1990s Violence in the workplace Armed robbery, bomb threats and disasters Electronic commerce 2001 – 2003 Violence in The Workplace! Bomb Threats & Extortion Terrorism, Anthrax Scares, Threat of Biological Warfare Internet Fraud, Scams, Money Laundering and “Criminal Integration” RMLearningCenter.com

“After there was a quantum shift from proactively management risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt September 11, 2001 … Terrorists attack the World Trade Center in New York City, NY USA! 2005… The world is racked with tsunamis, hurricanes, earthquakes, tornados, bombings, and daily threats of future terrorist attacks. Emergency governments around the world adopted the Incident Command and Control System (ICS) as a response standard and NIMS to standardize response terminology. RMLearningCenter.com

“After there was a quantum shift from proactively management risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt Emergency governments around the world adopted the Incident Command and Control System (ICS) as a response standard and the National Incident Management System to standardize response terminology. RMLearningCenter.com

“After there was a quantum shift from proactively management risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt From all levels of government the order goes out to form effective first responder “Public – to – Private” partnerships. Critical industries are asked to set response protocols based on: A 72 hours stand-alone performance standard, Required housing-in-place performance standards, Required upgrade in high-rise evacuation standards, Demonstrated active community involvement in contingency planning with a focus on responding during a natural disaster, terrorist att RMLearningCenter.com

This is a “what if” exercise:
We use “what ifs” much like we use “worst case scenarios” and “reverse RM logic” So if… RMLearningCenter.com

This is a “what if” exercise:
We know the losses credit unions and the insurance industry experienced during Katrina, what if: All credit unions and members were identified by their zip or postal code? All victims had the following info stream on the left fore arm: (Zip code, name, age, medical disability, physical disability, destination land line number, personal cell phone #? RMLearningCenter.com

This is a “what if” exercise - continued
All CUNA Mutual bond/insurance files could be sorted by zip/postal code? All CUNA Mutual employees could be sorted by zip/postal code? All credit unions and CU chapters could be sorted by zip/postal code? All CU members could be sorted by zip/postal code? RMLearningCenter.com

Could we not than better…
Identify our bonded and insured exposures in harms way? Measure our potential claims based on exposure concentrations? Assemble and position response assets to include CUNA Mutual first responders? Track and indemnify victims, thereby reducing loss adjustment expenses (LAE) and CU extra expense? RMLearningCenter.com

Could we not than better…
Customize RM workshops, presentations, on-site analysis, etc. to regional and local area risks s RMLearningCenter.com

A Review of RM Fundamentals!
Let’s begin with… A Review of RM Fundamentals! RMLearningCenter.com

Risk Management fundamentals: Please define and explain the following:
The three RM steps? The two types of risk? The five RM controls? The two ways you measure risk? At least three “tools of transfer? RMLearningCenter.com

Risk Management “A Method Of Management”
“Our 2007’ goal is to speed up the process!” Identify Currency & cash items Measure Frequency & severity 3. Control RMLearningCenter.com

Two Types of Risks Pure Risks - only loss, never a gain
Robbery & burglary Embezzlement Other forms of dishonesty Fire and disasters Speculative Risks – You hope to gain, but you can suffer a loss New products, programs, services and laws RMLearningCenter.com

5 Risk Controls “Use them in the following order!”
Avoid Reduce Spread Assume and Effectively Transfer to Someone Else Insurance, Bonds, Hold Harmless Agreements RMLearningCenter.com

UL “fire resistant labels and/or equivalents, and
Risk Management fundamentals – continued.. Please define and explain the following: Underwriter Laboratory’s (UL) “burglary resistant” ratings and/or European equivalents, UL “fire resistant labels and/or equivalents, and How to rate an unlabeled container! RMLearningCenter.com

Money safes Currency vaults
The Evolution of Security Technology: Underwriter Laboratories Ratings – A Testing Standard Insurance Services Office ISO & The American Society of Industrial Security write “Construction Standards” It’s Burglary “Resistant” NOT Burglary “Proof!” Money safes TL-15 & “E” TL-30 TR-30 TRTL-30 TRTL-15x6 TRTL-30x6 Currency vaults 5R 6R 10R Type I, II, III Modular Class I, II, III RMLearningCenter.com

UL Records Vaults UL Record Safes
The Evolution of Security Technology: Underwriter Laboratories Ratings – A Testing Standard Insurance Services Office ISO & The American Society of Industrial Security write “Construction Standards” It’s fire “Resistant” NOT fire “Proof!” UL Records Vaults 2 hour 4 hour 6 hour Doors should equal the fire resistance walls, ceiling & floor! UL Record Safes Class A, B, C, D hour hour hour RMLearningCenter.com

ATMs & High Velocity Cash Dispensers
The Evolution of Security Technology: Automated Teller Machines “A Story of Evolution from the 1920s” Night Deposit Boxes Fish and trap resistant chute Dual locking container ATMs & High Velocity Cash Dispensers Business hour 24 hour level #1 24 hour level #2 RMLearningCenter.com

Door, lock, window, hinge-pin, security,
Risk Management fundamentals – continued.. Please define and explain the following: Door, lock, window, hinge-pin, security, Object, perimeter, and area alarm security, Internal and external alarm line security, and On-demand, CCTV, and digital surveillance systems! Discuss installation, testing, and maintenance standards for each of the above: RMLearningCenter.com

Embezzlement and “internal dishonesty,” Scams and “external fraud,”
Risk Management fundamentals – continued.. Please define and explain the following: Embezzlement and “internal dishonesty,” Scams and “external fraud,” Fictitious & unauthorized loans, Separation of duties, Reverse Tracing, Transaction authentication, Positive account verification, PIN & PAN controls RMLearningCenter.com

Dual-control procedures, Dual access controls, Key codes,
Risk Management fundamentals – continued.. Please define and explain the following: Dual-control procedures, Dual access controls, Key codes, Statement analysis Chip & Pin technology CVV & CVC CVV & CVC #2 Controlled Member Account Verification RMLearningCenter.com

Lapping and withholding deposits,
Risk Management fundamentals – continued.. Please define and explain the following: Cash flow analysis, Disaster recovery, vs. Contingency planning, vs. Continuity Management, vs. Event Management, Kiting, Lapping and withholding deposits, Cash letters & holders in due course, Mysterious disappearance, Spot-check verifications, etc… RMLearningCenter.com

How to do a back-ground investigation,
Risk Management fundamentals – continued.. Please define and explain the following: Phishing, PHarming, Skimming & refreshing, Identity Theft, How to do a back-ground investigation, How to use the internet to do RM research, How to do a credit check, How to trace transactions back to source documents! RMLearningCenter.com

A contract of “good faith,” Deductibles, Actual cash value,
Risk Management fundamentals – continued.. Please define and explain the following: A contract of “good faith,” Deductibles, Actual cash value, Replacement costs, Extra expense, Negotiable security, Barer instrument, Exclusions and endorsements, RMLearningCenter.com

The three most important points to make when writing an RMA report,
Risk Management fundamentals – continued.. Please define and explain the following: The three most important points to make when writing an RMA report, How to defend cash item storage recommendations, How to submit a “memo to file” or “incident report,” How to locate physical address for fire department and how to make emergency call, RMLearningCenter.com

How to take command and control of any life threatening incident!
Risk Management fundamentals – continued.. Please define and explain the following: The difference between a fire and a bomb threat evacuation, How to respond to an earthquake, tornado, anthrax scare, and bomb threat, How to handle an embezzlement suspect, and How to take command and control of any life threatening incident! RMLearningCenter.com

Duties of an “Underwriter,” Duties of a “Claims Adjuster,”
Risk Management fundamentals – continued.. Please define and explain the following: Duties of an “Underwriter,” Duties of a “Claims Adjuster,” Duties of an “Actuary,” Duties of an “Account Representative,” What do all the above have in common? Hint; They are all Risk M s! RMLearningCenter.com

Typical Bond Experience
Forgery 12% Employee Dishonesty 45% Robbery, Burglary, Theft, Fraud 20% Faith. Perf. 21% Miscellaneous 2% RMLearningCenter.com

Typical Bond Experience
Misc. 5% Robbery, Burglary, Theft, Fraud 40% Employee Dishonesty 13% Faithful Performance 3% Forgery 39% RMLearningCenter.com

Profile of the Credit Union Embezzler
Suspicious life style Can’t leave or relinquish control Tale wags the dog Overly religious Easily excited Works late and alone RMLearningCenter.com

Full of Rationale & Justifications I’m only borrowing, Others are doing it, I’m underpaid and overworked, That’s all I did, I’ll never do it again, Always has a need & looks for an opportunity. Knows he can escape or blame others. You didn’t tell me I was doing wrong, Has a “character disorder.” RMLearningCenter.com

Character disorder? We all have them, Can’t tell right from wrong, Seldom admit they’re a thief. Who can your trust? Grandma – grew her CU with bogus accounts Reverend - sold CDs to family and farmers, Uncle - stole member’s money, home and wife – “The dismembered member” Are you guarding your inactive and dormant accounts? RMLearningCenter.com

Embezzlers are all On A Path Prison!
Most starts small - Open cash drawer Common funds Withhold currency Lap deposits Kit using multiple accounts Manipulate family member accounts RMLearningCenter.com

Embezzlers are all On A Path Prison!
Use dormant & inactive accounts Transfer funds to accounts they control Use expense accounts Hide funds in GL clearing accounts Collection department fraud Most find their way to your loan files Unauthorized loans Fictitious loans RMLearningCenter.com

Internal Controls “Cash handling procedures”
Audit trails Dual verification Signed receipts, computer entries, etc. Pre numbered cash receipt vouchers Individually “locked” containers Combination and key controls Spare key controls RMLearningCenter.com

Internal Controls “Safeguard Your Reputation”
Dual controls Night depository Lost and found Smart safes & combinations Rotate and separate duties Require extended vacations Never post to your own account! RMLearningCenter.com

Internal Controls “Safeguard Your Reputation”
Passwords No one but you should know or have access to your passwords! Change it every 90 days! Train all Staff first day on the job! Supervisory override controls! Use and audit override printouts! RMLearningCenter.com

Forgery – Frauds – Scams & Your “run of the mill con-artist!”
Forgery controls when “face to face” Beware of bogus ID Require signed, pictured ID and verify details Teach signature verification procedures Fraud controls over landlines and Cell Phones Caller ID systems Ask open ended questions Call back procedures Fax security procedures Good luck Call Backs RMLearningCenter.com

Plastic Cards Fraud controls and technology
Card mailing procedures Card Activation programs PIN & PAN controls with member education “Personal identification number and personal account number” CVV & CVC “set to decline” Visa’s Card Verification Value (CVV) M/C’s Card Validation Code (CVC) All on-board - “neural networks” RMLearningCenter.com

Audit Controls “These should be Required”
Supervisory Committee Surprise cash counts 100% Member account verifications New account verifications Board of Directors Rotation & separation of duties Cross training to catch a thief Independent auditors report to the Board Fraud policy – Use it – Review it – Sign it RMLearningCenter.com

The Fraud Policy Honesty & Accountability
Sets tone from the top, Provides meeting of the minds, Defines what’s not permitted, Gives grounds for discipline or dismissal, Saves legal costs, Protects reputations, Review it, update it and Sign it annually! RMLearningCenter.com

To Catch a Thief! “These Should Be Required”
Credit Committee Separation of duties Loan officer minute controls New loan verification procedures Loan Audits Finger audits Collection audits RMLearningCenter.com

Fidelity Self Analysis “It’s Purpose and Evolution”
Deters and detects embezzlers. Start with canceled checks. Follow transactions back to source documents. Use forgery detection skills. Leads to a more detailed audits. Driven by logic and fraud indicators. Focus on quickly finding fraud indicators Have written action plans in case you find fraud! RMLearningCenter.com

Your Crime Fighter’ Goal? “Hold People Accountable for Their Actions”
Audit and Internal Controls protect -- Strong employees from fraud opportunities, Weak employees from temptation, & Innocent employees from suspicion! RMLearningCenter.com

How Do You Handle Suspects? “With Care and Compassion”
Never call them a crook! Notify Supervisory Committee! Focus on the facts! Consult authorities on how to proceed! Notify Bonding Company! Dealing with suspects: When, where and how! RMLearningCenter.com

Everyone wants your money! Common scams to get it:
Phishing Plastic Card Credit & debit cards ATM cards Lotteries & Sweepstakes Internet Auctions / e-Bay Telemarketing Nigerian Scams RMLearningCenter.com

Phishing IT slang .. But it really does mean fishing for information.
Account numbers at banks and credit unions Social security numbers Credit card account and security numbers Passwords Personal information; i.e. birthdates, parent’s names, affiliations, etc. “Spam” or pop-up messages & hyperlinks Appears to be from a legitimate business, online service or government agency. Links to genuine websites with legitimate pages; such as privacy policies or product information. 85% of all sent is SPAM – subsequently receive endless repetition of worthless text or pop-ups. RMLearningCenter.com

Phishing What to look for - How to protect yourself - Email Methods
Deceptive subject lines Forged sender’s address Genuine looking content Disguised hyperlinks Methods Deceptive subject lines Forged sender’s address Genuine looking content Disguised hyperlinks Steps to protection NEVER provide ANY financial or personal information NEVER click on hyperlinks with s Use Anti-virus software Keep software updated (automatic upgrades) Don’t open ‘strange’ Look for “https” and padlock on the site Clean up Spyware & Adware Learn about Internet fraud Check you credit report Ask for help Steps to protection NEVER provide ANY financial or personal information NEVER click on hyperlinks with s Use Anti-virus software Keep software updated (automatic upgrades) Don’t open ‘strange’ Look for “https” and padlock on the site Clean up Spyware & Adware Learn about Internet fraud Check you credit report Ask for help Web Site Methods Genuine looking content URL appears genuine Collection of information & use of forms Incorrect URL (not disguised) Pop up windows Trojans / worms / spyware Web Site Methods Genuine looking content URL appears genuine Collection of information & use of forms Incorrect URL (not disguised) Pop up windows Trojans / worms / spyware RMLearningCenter.com

Phishing Phishing e-Mail Spoofed fraudulent website Legitimate website
RMLearningCenter.com

Plastic Cards Do NOT give anyone your CARD Number
or 3-digit Security (CVV2) Code Credit & debit cards ATM cards CVV2 Security Code Be aware of your surroundings at ATMs Card not present transactions Verified by VISA Check the machine for unusual / suspicious things Shield the area when entering your PIN Be sure it’s well lit at night Do NOT give anyone your CARD Number or 3-digit Security (CVV2) Code Memorize your PIN – Do NOT keep it with your card Do NOT keep it in you wallet or purse Do NOT give it to ANYONE – not even your family members RMLearningCenter.com

Lotteries & Sweepstakes
(Advance Fee Scheme) Occurs when the victim pays money to someone in anticipation of receiving something of greater value. (“Something too good to be true!!!) Lotteries Sweepstakes “Found money” Work at home How it happens: notification with instructions on your “next step” USPS mail, often accompanying a check or money order with instructions Send money for validation of prize Deposit check, then wire funds for “taxes” or other redemption costs RMLearningCenter.com

Your credit union account
Lotteries & Sweepstakes (Advance Fee Scheme) Your credit union account Beginning balance: And now you owe the credit union $12,945.00 and the thief got $10,000 $ Deposit $15,000 $ 15,055.00 Withdrawal $13,000 $ 2,055.00 Returned $15,000 check - $12,945.00 2. Deposit it into your credit union account a. CU places a 7-day “hold” on the funds 1. Receive check in the mail for $15,000 4. One month later, the check is returned to the credit union as counterfeit 3. 7 days pass and you withdraw $13,000 a. $10, is sent via Western Union to the instructed person and bank number b. $3, is spent by you on bills RMLearningCenter.com

Another Lottery Winner!!!
Lotteries & Sweepstakes Super Complete Another Lottery Winner!!! New twist: Rather than requiring tax payments in the , the recipient is referred to an “attorney” who may assess a fee before a certificate can be issued. RMLearningCenter.com

(How to avoid the scheme)
Lotteries & Sweepstakes (How to avoid the scheme) Do NOT respond to them!!!! If it’s too good to be true …. It’s too good to be true!! Ask yourself: “did I enter a lottery?” “did I sign up for a sweepstakes?” especially in a foreign country !!! DON’T Play – Foreign lotteries are ILLEGAL! Legitimate sweepstakes do not request money from you for processing or taxes. Are there rules? If so, are they easily understood? Do they ask for your bank account number, SSAN or credit card number? RMLearningCenter.com

Internet Auctions / e-Bay
Both buyers and sellers have been scammed through the use of e-Bay or other on line auctions. Buyers - Sellers - Non – delivery of items purchased. Contact from buyers outside US. Misrepresentation of value. Counterfeit checks, money orders Fee stacking. Check overpayments Black-market / counterfeit goods. 3rd party agents Shill bidding. Use of Escrow accounts Second chance offers Demanding /contacts Use of Escrow accounts Offers to pay for shipment “Act now” pressure Disappearing item RMLearningCenter.com

Internet Auctions / e-Bay
- Avoiding Fraud - Understand as much about how the auction works as possible. Find out the actions the website/company takes if a problem occurs. Carefully examine the feedback of the buyer or seller. Evaluate the shipping requests. Arrange for payments – be careful of escrow accounts. Know your legal obligations. Protect your identity and your funds. Do not give out your SSAN or DL to the seller. Protect your credit card security numbers. RMLearningCenter.com

Counterfeit Checks RMLearningCenter.com

Counterfeit Money Orders Counterfeit Checks

HANG UP Telemarketing - Red Flags - If the caller tells you that ……
“You must act ‘now’ or the offer won’t be good.” “You’ve won a ‘free’ gift, vacation or prize, but you have to pay for postage and handling.” “You must send money, give a credit card or credit union account number .. Or have a check be picked up by a ‘courier’.” “Keep this confidential. There’s no need to discuss this with your family or your family attorney or accountant.” “You can’t afford to miss out on this opportunity.” RMLearningCenter.com

Telemarketing - Avoiding Fraud -
Buy only from known, or familiar, companies. Get the sales person’s name, business, phone #, address, and business license number BEFORE you purchase. Do NOT pay for services in advance. Don’t pay anything for a “free” gift or prize. Federal law prohibits payments for taxes. When giving to a charity, always find out the percentage is paid for commissions & administration expenses; and how much goes to the actual charity. Never give personal or financial information over the phone. Don’t be afraid to demand answers. Uncomfortable? … Just hang up! RMLearningCenter.com

Nigerian Scams Similar to an ‘advance fee’ scheme; Nigerian letter fraud also includes: Impersonation, or false identification of sender. Offers opportunities to share in a percentage of millions of dollars. Self proclaimed government official, wealthy exiled family or business exec. Difficulty in transferring funds from their country to the US. Request to contact them for interest. You may be encouraged to travel overseas to complete the transaction. Requests for “plain letterhead”, credit union account information and phone/fax numbers. Subsequent requests for “up-front” money. Often accompanied by fraudulent documents bearing Nigerian letterhead and officials’ signatures. RMLearningCenter.com

Nigerian 419 Scams RMLearningCenter.com

5 Rules for doing Business with Nigeria
Nigerian Scams 5 Rules for doing Business with Nigeria NEVER pay anything up front for ANY reason. NEVER extend credit for ANY reason. NEVER do ANYTHING until their check clears. NEVER expect ANY help from Nigeria. NEVER rely on US to bail you out! PLUS – one question …. Why would ANYONE in Nigeria (or anywhere else in the world for that matter) contact YOU for assistance to transfer their money into the US? RMLearningCenter.com

Some Statistics Top 5 Fraud Complaints for Wisconsin Consumers
Source: Federal Trade Commission RMLearningCenter.com

Who to Contact U.S. Secret Service (www.secretservice.gov)
Financial Crimes Division 950 H Street, N.W. Washington, D.C (202) U.S. Postal Inspection Service ( POSTAL INSPECTION SERVICE 433 W HARRISON ST FL 6 CHICAGO IL Phone : Fax : RMLearningCenter.com

Who to Contact U.S. Treasury Dept (www.ustreas.gov)
Bureau of Engraving and Printing th & C Streets, SW Washington, DC (202) Office of the Comptroller of the Currency ( Customer Assistance Group McKinney Street Suite Houston, TX FAX: RMLearningCenter.com

Who to Contact Federal Bureau of Investigation ( J. Edgar Hoover Building 935 Pennsylvania Avenue, NW Washington, D.C (202) Federal Trade Commission ( Consumer Response Center 600 Pennsylvania Ave., NW, H-130 Washington, D.C RMLearningCenter.com

Who to Contact Major Credit Bureaus: web request copy fraud unit
Experian experian.com (800) (888) Equifax equifax.cm (800) (800) TransUnion transunion.com (800) (800) RMLearningCenter.com

Thank You Rich Woldt Risk Management 007 RMLearningCenter.com

Physical security first Alarm security Surveillance & Access Controls
Risk Management fundamentals – continued.. Please define and explain the following: Physical security first Doors, locks, safes, and vaults Alarm security Object, area, perimeter - Line security Surveillance & Access Controls Discussion of installations, maintenance, and testing standards for 2007! RMLearningCenter.com

Risk Management Security Technology Evolving with the Movement!
“Credit Unions are driven to safeguard life, liberty and the pursuit of economic freedom.” As member services evolved so have regulations, security management methods and subsequent security technology: NCUA Regulation #748 – Minimum Security Devices and Procedures NCUA Regulation #749 Off-site Record Reconstruction Program RMLearningCenter.com

Risk Management Methods New, more effective crime fighting methods!
Facility Security Analysis: Crime Prevention Through Environmental Design (CPTED) Defendable Zones Security Integration Proprietary, Community, County, State & Federal, Chapters, Leagues, National Associations, etc. Controllable Crime Scenes, a trap that works! Casing puts you out in front! RMLearningCenter.com

Casing – Staying ahead of the crooks
Casing – Staying ahead of the crooks! “Walk-the-walk and you’ll Talk-the-talk” Crooks case targets to increase their probability of success. We case targets to solve crimes, correct security concerns, safeguard against the next crime, and increase the probability crooks will be caught, prosecuted, convicted, and sent to prison for a long, long time! RMLearningCenter.com

Hi-tech alarms and warning systems Digital surveillance
Combating terrorism, armed robbery & the fear of violence in the workplace! Defendable zones Hi-tech alarms and warning systems Digital surveillance Security system integration Best practices training GPS & Cellular Technology RMLearningCenter.com RMLearningCenter.com

2004 – There is a shift to – Proactive Risk Management The Evolution of International RM Projects
Accountability and Ownership Training Alternatives Self assessments, case studies and best practices! Casing your own crime scenes! Creating controllable crime scenes! Expanding to Community, County, Country and International Protocols! Pursuit through capture, prosecution, conviction and sentencing! RMLearningCenter.com RMLearningCenter.com

Revised Risk Management Principles, Current Methods and Updated Protocols 2004 and Beyond
CPTED - Crime Prevention through Environmental Design Security Integration Security Application & Technology Before, during and after disasters Community Response and Recovery Emergency Response Protocols Law Enforcement – Blue Team Fire, EMT, Hospitals – Credit Unions & Corporate America – Red Team FEMA, Red Cross, Salvation Army, HAZMAT, etc. – Orange Team Professional Associations and Support Groups ASIS, FCI, ACFEI, RMLC, chapters, Leagues, Associations, etc. Yellow Team RMLearningCenter.com

A “Zoned” response works best during a recovery operation
A “Zoned” response works best during a recovery operation. It’s easier to inventory and protect recovery resources, and position personnel to support either a strike or mission based operation. Traffic flows in one end of the site and out the other to minimize congestion, accommodate supply lines, decontaminate personnel and assist victims through triage, tracking them through hospitals and full recovery. Before Food Flows Out! After biological attack food and supplies flow in to critical incident command centers! Recovery personnel and resources flow in one end of the site and out the other! RMLearningCenter.com

Proactive Risk Management Methods, Strategies and Accountabilities
“Our goal is to harden criminal targets against criminal acts” And creating controllable crime scenes to reduce internal and external losses! RMLearningCenter.com

Violence In The Work Place “Credit Unions Combat Intimidation”
Policy & plans Tone from the top Communicated to all Set “no tolerance zone” Report & document Follow-up & document Train a response team All department managers Offers third party intervention RMLearningCenter.com

Threat Assessment Teams Document - Document - Document - Document - Document
Listen to co-workers Encourage reporting Keep confidential & demonstrate action Investigate immediately Review the records Document events and action taken Report to the “entire” crisis management team Follow-up! RMLearningCenter.com

Locate: Lockdown & Link
Family & Contingency planning – keeping in touch! Attackers divide and concur – Don’t let them! Locate: Tested contact numbers and verified schedules Tested answering machine procedures Sealed envelopes and updated itineraries School contact numbers and class schedules Neighbor names and contact numbers Lockdown & Link Private security, law enforcement and 3rd party intervention “Secured” landlines, fax machines, internet addresses, etc. EOC and Red Cross Tracking and intervention. RMLearningCenter.com

Experience has taught --- “Knowing what to expect will put you in control”
Smart criminals offer little time! Buy time & they’ll lose! They’ll be prepared to provide “Proof of life” Demand Proof the hostage is unhurt and alive. Take control! Tell them -- I must notify our auditor! He’ll call the police! I must involve others! I can’t control what they’ll do! I have people in my office. What should I do? How? Our policy requires me to tell my manager! What should I tell him? Ask open ended questions and take notes: Who, what, where, why and when RMLearningCenter.com

Continued: Hostage Survival – Take care of the family!
Assign one person as their advocate. Keep the family “fully” informed. Contact their physicians, if health is a concern! Protect family members from the media and unwelcome visitors. Use media effectively. RMLearningCenter.com

Hostage Survival Steps in the right direction!
Have a written extortion policy. Have a violence in the workplace team. Notify Others - according to policy and plan. Never go it alone. Contact Police and FBI! Request a Detective and trained Hostage Negotiator. Per plan, attempt to verify the person in fact has been kidnapped. Don’t over-reacting (Bogus busy signals, a change in plans, etc.) Do not be pressured to leave the building with money. You might be dealing with someone who just wants to commit an armed robbery. You’re the only witness. Prepare for a callback to see if the police have been called. Give your name to the dispatcher. RMLearningCenter.com

Continued: Hostage Survival – Make sure you following your plan!
Limit knowledge to your critical incident management team! Need to Know. Gossip will endanger the hostage Beware of an accomplice in the office. Beware of Media leaks Arrange protection and care for victim’s immediate family. Determine payment guidelines for authorities. The family decides to pay or not The credit union should have a board approved extortion policy (kept confidential). RMLearningCenter.com

Use professional negotiators (another voice).
Continued: Hostage Survival – “Whether you’re the hostage or part of the recovery team –” Take care of yourself! Rest when possible. Use professional negotiators (another voice). Avoid coffee & drink water! Exercise to keep alert. Accept – “You’ve done your best!” Remember family and call them. “This is a time to come together and stick together” Time to build a “Sense of Being in Control” RMLearningCenter.com

Forensic Investigation – Give me the facts - only the facts “You’re still in control when you get the call or receive the letter” Expect him to say -- We’re observing you! Ask how? You only have a short time! Ask how much? We’ll harm you and your family! We’re holding someone you care about! Ask who and where? You bring the money! Ask what if I can’t and ask for detailed instructions I want half a million dollars, now! Ask how can I get that much? RMLearningCenter.com

Forensic Investigations: Assemble “Pertinent” Information!
Current photographs in differing attire. Travel itineraries for past 30 days (Envelopes) Landline, cellular & pager numbers Health Records: Condition, required medications, allergies, distinguishing characteristics (tattoos, piercing, scars, etc.) Other contacts (family, friends, business Associates, recent visitors, tenants, landlord, neighbors, etc. Assess information hostage might provide: Financial & Other RMLearningCenter.com

Extortion Is your credit union ready?
Extortion policy and plan Involve law enforcement Notify board of directors All upper management and board Envelopes - bigger every year Cellular phone - technology integration Locate, lock-down, and link Defensive driving, walking, and alert living RMLearningCenter.com

Executive’ Protection Safety, security and survival is a 24 hour effort!
Identify and prioritize targets: Kidnap, Extortion, Robbery, Stalking and Terrorist Identify and prioritize “Motives” Attackers are driven by “motive” Money, currency, greenbacks and more money Confidential, top secret and proprietary information Anger, revenge, sexual attractions, opportunists Family & Contingency planning “keep in touch” Do you know where your family is? Do they know how to contact you? RMLearningCenter.com

Executive’ Protection Continued – Target Assessment When -Where & Why
Are you running like a railroad? Vary routes, times, persons and patterns Be inconspicuous and unpredictable Have you been lured from your zone? False alarms and home invasions Is your backup in place and ready to roll? Callback procedures and action plans Have family’ contingency plans been rehearsed? RMLearningCenter.com

Executive Protection “Getting Back On-board – Self Defense”
Learn to evaluate your surrounding and potential threats, “early.” “People waiting for the bus watch one direction.” Drive with windows up, doors locked, keep your space, and know a bailout route. Stop so you can see their back tires. Drive 5-MPH faster than they can run. Rear-end a squad car. RMLearningCenter.com

Executive Protection “The Art of Self Defense”
Martial arts: Learn from aficionados. Learn how to use your fingers, elbows, legs, arms, teeth, and body weight as a weapon. Invite a black belt to speak at your staff meetings. RMLearningCenter.com

Military Training Do you remember?
Staggering troops during search and rescues? “Move out alpha – Cover me bravo!” Using the vertical & horizontal butt strokes? Your basic “rear-strangle” take down hold? Following through to submission? RMLearningCenter.com

Executive Protection “Getting Back On-board”
Limit carry-on to what will fit under your feet. Select an aisle seat if you plan to fight, a window seat if you plan to hide. Select a seat near the cockpit if you plan to defend, and a seat near the back if you don’t. RMLearningCenter.com

Executive Protection “Getting Back On-board”
Identify your shield: Computer, briefcase, backpack, jackets, blankets, pillows and cushions. Identify your weapons: Hot coffee, anything you can throw, sharp objects, keys, your body is a weapon. Don’t hesitate. ACT and REACT until you’re in control. RMLearningCenter.com

Contingency Planning Disaster Recovery (1940s - 1970s)
Has evolved from Disaster Recovery to Business Resumption to today’s “Contingency Planning!” Disaster Recovery (1940s s) (Influenced Civil Defense Programs) 1970s NCUA #749 & off-site storage of vital CU records” Business Resumption (1980s – 1990s) Earthquakes & The New Madred Fault warning, Planning to survive a credit union disaster World trade center bombing 1993 Oklahoma city bombing 1995 RMLearningCenter.com

Has been driven by worse case scenarios!
Contingency Planning Has been driven by worse case scenarios! 2000 – Y2K Contingency Planning 9/11/01 – terrorist strike the word trade center The 9/11 impact on Contingency Planning RMLearningCenter.com

Set the “tone from the top”
Contingency Planning - Fundamentals: Building the solid foundation for your future! Set the “tone from the top” Or you’ll be pushing a rope uphill! Select appropriate plan writers and alternates, Or you’ll miss important details! Designate and train “Recovery” Teams: Damage Assessment Team (DAT) Disaster Recovery Team (DRT) Focus on “Your Worst Case Scenarios” Write plans that will help you survive, recover and grow! RMLC faculty recommend the “Parking Lot” Approach RMLearningCenter.com

Protect: Physical property from fire, vandalism, the elements, etc.
Contingency Planning – Four (4) “key” functions: “Recovery often depends on your focus, immediate action and plans that outline proven response protocols!” Life safety: First aid, evacuation, & tracking victims through recovery. Protect: Physical property from fire, vandalism, the elements, etc. Transportation: From danger to shelter, food, telephones and entertainment. Communications: Notifying friends, family and fellow employees. Includes proactively handling the media. It’s your shift to “Critical Incident Management” RMLearningCenter.com

Continued - Shifts to proactive Risk Management “A 3-Day program for stepping up to the plate!”
Day one – Shift from your “Standard Management” to “Critical Incident Management” mode! Immediately: Provide victim assistance, activate recovery teams, declare the disaster, establish communication links, set up EOC, ICC and staging areas and focus on taking control. Day two – Regroup, reevaluate, assemble facts and communicate facts via plan-approved channels. Begin the formal recovery process. Day three – Focus on getting back to work, and back to normal! Reach out to extended victims and set up a program to monitor the victim recovery process. RMLearningCenter.com

Chapter & Community Responses to Biological Attacks!
Before Food Flows Out! After biological attack food and supplies flow in to critical incident command centers! RMLearningCenter.com

Adopt a common methodology for all locations,
Contingency Planning – The “ Parking Lot” Approach! How to build the solid foundation your future depends on! Adopt a common methodology for all locations, It helps cross training and rotating staff, and Ensures a focus on critical services! Keep it simple, flexible, realistic and fun! Include and request input form all employees Use Bergee’s ABC & 1-2-3 Keep it confidential & secure! Schedule tests, updates, and Board approvals. RMLearningCenter.com

Questions Please Rich Woldt CPP, CFE Rich@RMLearningCenter.com
CEO- The Risk Management Learning Center ACFEI – Level III Certified Homeland Security Instructor Licensed Private Detective RMLearningCenter.com

Thank You! Rich Woldt CPP, CFE Rich@RMLearningCenter.com 608-712-7880
CEO- The Risk Management Learning Center ACFEI – Level III Certified Homeland Security Instructor Licensed Private Detective RMLearningCenter.com

Credit Union Risk Management… CUNA Mutual Benchmarking Team

Similar presentations

Presentation on theme: "Credit Union Risk Management… CUNA Mutual Benchmarking Team"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Credit Union Risk Management… CUNA Mutual Benchmarking Team

Similar presentations

Presentation on theme: "Credit Union Risk Management… CUNA Mutual Benchmarking Team"— Presentation transcript:

Similar presentations

About project

Feedback