7/18/08:  We are hard at work engaging vendors and finalizing the VMA application.  We have had great support from vendors and many of the industry’s largest CU’s.  Beta testing will begin August 1st with a select group of contributors.  Offical launch will occur following a post beta comments session.  We appreciate everyone’s patience and look forward to VMA’s formal launch.  As always, we are interested in everyone’s input. Please do not hesitate to contact us with any questions (vmalliance@cuispa.org)

PRESS RELEASE CONTACT:
Merry Pateuk
Director, Public Relations
800-932-7728

St. Petersburg, FL, May XX – PSCU Financial Services announced it has taken an early lead in  supporting the newly organized VMAlliance, an innovative vendor risk management resource sponsored by the Credit Union Information Security Professionals Association (CUISPA). This industry-wide information-sharing consortium, located at www.vmalliance.org, is scheduled to go live in the second quarter of 2008.
VMAlliance provides valuable resources and online tools to help credit unions efficiently manage requirements for vendor due diligence, risk assessment, monitoring, and regulatory compliance. This organization addresses the risks associated with not performing vendor management or regulatory compliance issues.
VMAlliance brings financial institutions together with solution providers and the NCUA in a consortium that establishes a standard methods for addressing the challenge of managing risk within independent company’s domains. The VMAlliance will define industry acceptable practices, provide due diligence, and eliminate the redundancy and lack of consistency currently associated with vendor management solutions. It evaluates vendors and helps ensure compliance with NCUA requirements.
Credit unions benefit from centralized vendor management, a compliance advisory network, industry standardized evaluation criteria, peer communication and ways to measure, monitor and control risk. Credit union vendors gain recognition for maintaining high standards and benefit from a centralized customer inquiry management system, consensus-based industry defined requirements, and overall reduction of unnecessary and costly assessments.

“This consortium delivers advantages for both credit unions and the organizations that service them,” said David J. Serlo, President and CEO, PSCU Financial Services. “VMAlliance leverages the industry’s cooperative characteristics to deliver a forum that helps vendors consolidate requests and meet industry-defined requirements, while simplifying credit unions evaluation and selection of vendors.”
Ray Murphy, Information Security Program Manager for Navy Federal Credit Union, adds, “VMAlliance is a great step forward in filling a void that has existed for years. Credit unions and service providers will benefit from the information made available through VMAlliance.”
Credit unions of all sizes can use the consortium to manage vendor relations, track contract details, contact information, set alerts, generate reports, manage risk inquiries, and communicate with peers. Credit unions can use VMAlliance to evaluate new vendors, review vendor specifics and gain input from other credit unions about a vendor.

About PSCU Financial Services
Based in St. Petersburg, Florida, PSCU Financial Services is the nation’s largest credit union service organization (CUSO) and serves more than 1,100 financial institutions nationwide. Established in 1977, the company provides a broad array of cost-effective, high quality financial services that include credit, debit, ATM, prepaid, bill payment and contact center solutions. It also provides full function ATM terminal driving services. For more information, visit the company’s Web site at www.pscufs.com.

AUSTIN, Tx., February 4- The Credit Union Information Security Professionals Association (CUISPA) is taking an industry-wide approach to Vendor Risk Management with the recent formation of the credit union Vendor Management Alliance (VMAlliance).

Announced February 3rd, at the CUISPA2008 IT Risk Management Summit in Austin, Texas, the VMAlliance has been established to bring credit unions, vendors, and regulators together to cooperatively shape risk management requirements, and bring clarity, efficiencies, and cost reductions to the due diligence process, for both credit unions and their vendors.

Details of the VMAlliance were shared with more than 120 of the industry’s top IT security officers at the recent CUISPA2008 Summit in Austin, Texas. Session panelists included Kelly Dowell, Executive Director of CUISPA, Robert Miles, ISO for PSCU Financial Services, Ray Murphy, Information Security Program Manager for Navy FCU, Joyce Crawshaw, representative for the BITS Shared Assessment Program, Joe Visconti, former NCUA executive of Visconti Consulting, and Andrew Taylor, of Jwaala, Inc.

“In an industry that relies heavily on third party vendors, this is an area that is in need of improvement and one that can benefit enormously through collaboration,” explains Joe Visconti, former NCUA executive and CUISPA Board Member. “The objective is to develop oversight processes that are effective and that can be shared, reducing duplicity. Duplicate efforts are expensive and non-productive. We are creating a program that includes cooperation from the vendor and the financial institution community that will define standards and provide due diligence in a more consistent and comprehensive manner.”

Dowell adds, “The goal of the VMAlliance is to centralize information and communication to define standardized practices and provide credit unions and the vendor community with a valuable resource to manage their relationships and the associated risk. We believe we are developing a solution where we can provide value to all stakeholders.”

The VMAlliance is under development with an anticipated launch date in Q2/2008. CUISPA is actively seeking input throughout the development process. For additional information logon to www.vmalliance.com

Source: Credit Union National Association

ALEXANDRIA, Va.(12/28/07)—On a number of occasions during 2007, the National Credit Union Administration (NCUA) has identified credit union due diligence for third-party relationships as a topic of key interest. The agency has wrapped up the year by posting examiner guidance on the subject.

The supervisory letter, “Evaluating Third Party Relationships,” is a summation of guidance on the use of third-party vendors to leverage their ability to provide services to members or customers.

Although posted to the NCUA website in late December as Letter to Credit Unions No. 07-CU-13, the guidance to the agency field staff was distributed in October. That is the same month that the agency said an increase of seven full-time equivalent employees would be necessary in 2008, in part, because of plans to increase monitoring of credit union practices that raise potential for safety and soundness issues—including third-party relationships and outsourcing.

The NCUA letter recognizes that credit unions use third parties for many types of services, including lending programs, regulatory compliance and electronic delivery. The agency endorsed the value of such relationships, and stated that it does not intend to stifle innovative use of the arrangements to meet members’ needs.

“NCUA’s goal is to ensure credit unions clearly understand risks they are undertaking and balance and control those risks considering the credit union’s safety and members’ best interest,” wrote David Marquis, director of the NCUA’s office of examination and supervision.

However, the guidance also states that even with proper due diligence procedures, a credit union can only mitigate, rarely eliminate, risks associated with outsourcing. It states that when examiners evaluate third-party arrangements, they should ensure a credit union has addressed the following areas in a way that is commensurate with their size, complexity and risk profile:

• Risk assessment and planning;
• Due diligence; and
• Risk management, monitoring and control.

The letter expands upon the agency’s expectation of the steps to be taken in each of these areas, and also includes a list of the numerous previous letters NCUA has issued on the importance of risk assessment and due diligence.The Credit Union National Association is studying all guidance on third-party relationships and soon will issue an analysis for credit unions.