Reader Question #1: How do CUs comply with e-mail storage and archiving legislation? How important is compliance in this area? E-mail compliance seems to be a particular mystery.
John Schooler, President, USERS. Valley Forge, Penn.
We're certainly not the experts in this area, but we know that portions of Sarbanes-Oxley and other legislation infer the need for e-mail security. While perhaps not regulations, standard business practices require you to be able to provide several years' worth of business records and e-mail would fall under that category, since it's a primary means of communicating with staff and members along with paper-based methods. Ideally, you should be using an e-mail archiving and journaling system that can write e-mails to offline media, search the entire contents of the archive from a single location, and provide appropriate purging controls. Besides archiving, it's equally important to ensure the security of e-mail. Your processes and controls should ensure that the e-mail system is only accessible by approved parties; that if remote access is permitted, it remains secure; and that if sensitive information is transmitted via e-mail, it is properly encrypted or password protected. Since e-mail is not an inherently secure means of transmitting data, members should be discouraged from sending e-mails that contain account numbers and other confidential information. USERS is among various suppliers offering an alternative to member e-mail communication; our Secure Messaging product allows members to send secure, encrypted messages using a Web-based form they can access from the credit union's home banking or other Internet applications. These products typically also provide for the retention of such messages for client-specified times.
Gary Daniel,SVP & General Manager
Credit Union Group,
Open Solutions Inc., Glastonbury, Conn.
This question highlights an important area that credit unions should consider when making any technology decisions. This issue is one that makes strong intuitive sense, but in so many cases is overlooked in the excitement and process of a new technology purchase. We're talking about a very simple assessment that highlights that any new technology purchase is only as good as the weakest strategic link in the technology chain used to deliver a business strategy.
An example would be where a credit union that purchases a feature rich, intuitive, and user friendly CRM/Business Intelligence application, but fails to realize that their core system can only provide a very limited subset of information into the system on an intermittent basis. Regardless of the parsing tools, the analysis tools and the member interaction tools that the CRM application has, it will be severely limited by (in this case) the core application that should be delivering a majority of the information available about the member. Moreover, the credit union's attempt to compensate for the weakness of the core system's information and analytical capabilities turns into another investment into another disparate database and application.
Another example might be when a credit union attempts to purchase unique, best of breed solutions for each of their functionality requirements. Individually, these applications may be feature rich and address an individual silo's needs, but when viewed for use by the entire organization, integration and the streamlining of processes is imperative. The costs associated with these integration projects may be higher than the initial product purchase. And the time to delivery may be much longer than expected and may ultimately not meet the organizations expectations.
Often, a simple enterprise-wide diagram of the credit union's information and technology environment can help to better address (identify) the institution in identifying the weakest link, the other investments and, correspondingly, their business goals.
If a credit union's core system was just designed to process a share deposit or a loan, but not architected to capture information and meta-information in a way that is useful for decision-making, the value and success of any third party application purchase will be severely limited. While it will likely be an improvement over not having any such application, the credit union's success will always be limited by the weakest link in the delivery of information at the point of member contact.
The following are a few questions that should be helpful in making sure technology decisions meet your strategic goals:
1) How will this technology purchase accelerate achieving your overall business goals when taken as a whole?
2) Are you trying to overcome a problem of an application's inflexibility, or limitations of another application? If so, should you begin with the heart of the problem versus masking it with another "bolt-on" solution?
3) Can the technology tool be used/shared by the entire enterprise?
4) Does the application serve all channels consistently?
5) Does the technology application provide actionable activities and deliver them to the front-line employees and all channels?
6) Does purchasing the application require additional middleware just to access information?
7) Can functionality be integrated into the workflow and transaction systems without heavy proprietary interface efforts?
8) Have you been presented with a complete high-level diagram of the entire technology infrastructure that highlights the components that impact your targeted business strategy?
Hopefully, the questions listed above serve as a good starting point in helping your credit union in the decision making process on your technology purchases and provide an increased appreciation of your institution's weakest technology link.