SDBA eNews

April 14, 2022

Agencies to Host Webinar on Cyber Security Notification Rule

The Federal Reserve, FDIC and OCC will host a joint “Ask the Regulators” webinar on Thursday, April 28 at 1 p.m. CDT on the recently finalized computer security notification rule, which has a compliance deadline of May 1.

Webinar participants can email questions in advance to [email protected], and questions submitted prior to April 20 will receive priority for responses by panelists. The webinar will also be made available for future viewing. Register for the webinar.


Four ways banks can successfully de-risk legacy application cloud migrations

Most retail banks have begun migrating applications to the cloud as part of a digital transformation journey, but when it comes to business-critical legacy applications, some have decided it’s too risky. But is doing nothing riskier than taking the plunge? At this point, the answer is yes.

Retail banks are facing a whole new generation of customers with new expectations and preferences. For these customers, it won’t be enough to digitize current applications. Instead, they must deliver new digital experiences that integrate financial activities seamlessly and are easy to use on mobile devices.

Banks that don’t deliver these types of experiences, or wait too long, risk losing ownership of their customers to progressive banks as well as a whole new generation of fintech companies that, like the young customers they serve, were born digital.

Big tech companies such as Amazon, Google, and Apple are also growing threats: They already provide seamless digital experiences to their customers and increasingly are adding financial services to their list of offerings. The stakes are high. If today’s banks lose their customers to more agile, digitally savvy competitors—as McKinsey recently noted in its annual review of the banking industry—they will be relegated to the role of “balance-sheet operators.”

Still, banks’ “cloud hesitancy” is understandable. The typical retail bank has hundreds or even thousands of applications that have been running in on-premise data centers for decades. The analysts and developers who originally wrote the applications left the banks ages ago and there is little or no documentation to help banks understand the business logic, infrastructure and interdependencies of the applications—essential elements of successful cloud migrations. This lack of visibility and understanding makes it difficult if not impossible to assess which applications can be moved safely as they are, which ones should be modernized before they are moved and which ones should not be moved at all.

While the risk of migrating legacy applications to the cloud can never be eliminated entirely, here are four steps banks can take to pave the way for smooth transitions:

1. Create a detailed plan
This is a statement of the obvious. But the key to successfully migrating legacy applications to the cloud is to create a detailed plan. The plan should include an evaluation of all legacy applications and their myriad dependencies, including data sources. A checklist that identifies all data sources, and which sources must be connected to each migrated application that depends on them, is essential.

It’s also important to set aside a time block during which on-premises and cloud versions of migrated applications run side by side, so, if anything goes wrong, a backup is still in active operation. An on-prem application should not be decommissioned until you can verify that the migrated application is running well in the cloud, based on a set of criteria developed in advance.

2. Know that most of your legacy applications will need to be modified for the cloud
Legacy applications that sit on legacy operating systems or proprietary hardware systems will need to be modified to run in the cloud. Examples include applications currently running on mainframes or engineered systems that can’t be rehosted and those that require a load balancer to distribute network or application traffic across a number of servers. These applications will need to be re-platformed before being moved to the cloud. With re-platforming, the applications remain essentially the same, but changes are made to ensure they can function well on the cloud platform.

In addition, the design of some applications or the infrastructure they depend on might prevent them from being able to comply with security policies and protocols in a cloud environment. These applications will need to be refactored or rebuilt before being moved. Refactoring involves making changes to applications that make them better suited for the cloud. Rebuilding might involve rebuilding the entire application.

3. Accept that some applications cannot be moved to the cloud
Applications that depend on high performance and low latencies to function well likely cannot be migrated to the cloud. They can perhaps be modernized, but they should remain in the on-prem data center or shifted out to the network edge.

4. Start small and simple
No matter how well planned a migration project is, things still can go wrong. Starting small and simple allows your staff to practice, learn, become battle-tested and build confidence before tackling the larger, more complex business-critical applications. At least two rounds of migrating relatively simple workloads are recommended. Examples of simple workloads include email, collaboration programs and applications where data has been decoupled from main servers.

Bottom line: The clock is ticking for retail banks to move to the cloud. And while the first steps of legacy application cloud migrations are the hardest to take, the good news is that none of the challenges are without solutions.

Chinmoy Banerjee is corporate vice president and global head of banking and business process services at Hexaware Technologies. Original story linked here.


Podcast: The economic realities underneath every ordinary decision

It’s National Financial Literacy Month, but on the latest episode of the ABA Banking Journal Podcast—sponsored by IntraFi Network—Matthew Hennessey digs into the literacy that undergirds financial literacy: the basics of economic decision-making, from prices and markets to preferences and specialization. 

“The main lesson at the heart of economics is that life is about tradeoffs and that economics is about choice,” Hennessey says. “When we make a choice, it almost always means we’re giving something up that we value.” In the newly released book "Visible Hand," Hennessey—deputy op-ed editor at the Wall Street Journal—illuminates these concepts in a self-described “avuncular” style designed to help average Americans understand how they make economic decisions every day and to appreciate the free enterprise system that lies atop those decisions. Listen to the episode here.


CISA Tip of the Week: Social Engineering & Physical Security

The following tip was provided by our friend, Jim Edman, CISA Cybersecurity Advisor for South Dakota.

We spend a majority of time talking about the software and hardware vulnerabilities and related aspects of cybersecurity. It’s important that we remember the physical aspects also. Though we are a small state and considered by some to be somewhat geographically isolated, a critical aspect of cybersecurity continues to be the physical aspects. Reports surfaced this week of Russian nationals attempting to gain access to critical infrastructure facilities across the country. Recommendations for in-person and voice I/T support include:

a. Anybody can create a badge and a logo – don’t believe an identification on its own; ask for multiple forms of identification (business cards, driver’s licenses, company contacts, etc.). Always ask for credentials to identify the individual and company they represent;

b. Find a phone number on their web site to call for confirmation.

c. Who made the call for I/T Support? Somebody from your organization would have to have made a request;

d. What is the specific problem? The more they talk, the more likely that their ‘story’ gets weaker;

e. Ask for the individual’s manager & phone number (during IRS audits at state government, I routinely asked for badges & supervisor’s phone numbers. I would then call the auditor’s supervisor for verification). If doing a security audit – shouldn’t we practice what we are promoting? Don’t feel bad about getting additional confirmation.

We once contracted for a physical audit/social engineering exercise. The contractor was able to get carte blanche access to the facility because of the attacker’s gender, she had a badge and she talked the business. Sometimes our ‘customer service’ nature overrides our security concerns. I/T support staff will respect the additional safeguards your organization does to practice good cyber hygiene!


Last Call: IRA Forms & Reporting Webinar - April 19

The IRA Forms and Reporting webinar builds on the attendees’ knowledge of IRA basics to address some of the more complex IRA issues their financial organizations may handle. This course includes how to set up inherited IRAs, reporting in the year of death, RMDs and death distributions; we will also discuss complex case studies. This is a specialty session; some previous IRA knowledge is assumed. The instructor uses real-world exercises to help participants apply information to job-related situations.

The webinar will be held on Tuesday, April 19 at 10 a.m. CDT and will last about 90 minutes. Cost is $75.00. The Zoom link will be emailed to registrants on Friday, April 15. Click here to register.


Last Call: This is How We Roll - Pierre Meeting - April 21

No, seriously...there really IS such a thing as a FREE LUNCH, and it's hosted by the SDBA! Join us in Pierre next Thursday, April 21 from 11 a.m. to 3 p.m. CDT at Richie Z's Brickhouse BBQ & Grill. We're chatting all-things-SDBA...really honing in on the value of engagement in the SDBA. Member engagement proved invaluable this past legislative session as we battled bad proposed policy in SB 182 and HB 1314. When SDBA President, Karl Adam, called on bankers to contact their legislators to strongly oppose these policies, the response was enormous and helped influence the needle of change in our favor. Continued engagement from our members will help continue positive influence in our industry, but we need your help. Join us for lunch, stay for an update and be entered for a summer-necessary prize! Click here to register! Other meeting dates and locations are below:

• Click here to register for Sioux Falls – April 27
• Click here to register for Aberdeen – April 28
• Click here to register for Rapid City – May 4


Order Service Awards ahead of Annual Convention!

The SDBA will honor and recognize those bankers with 40 or 50 years of service in banking during its Annual Business Meeting on Wednesday, June 15, 2022, at the Annual Convention in Bismarck, ND. Years of service awards can also be awarded at the bank. To request an award for someone who has been in banking for 40 or 50 years, please complete the form. The deadline to submit an award to be presented at the 2022 Annual Convention is May 13, 2022. Contact the SDBA at [email protected] or 605.224.1653 if you have any questions.


SDBA to Host Crypto Webinar - May 9-10

Bitcoin, Crypto, Blockchain, NFTs… In the last few years, these words and concepts went from discussions had on the fringe to common, everyday conversations. Join us, in partnership with the ABA, NDBA and Wyoming Bankers Association, on May 9th and 10th as we turn to our distinguished panel of experts to help demystify the latest information surrounding the future of money and help financial services professionals navigate this new reality. To register and review the full schedule, click here.


Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call 888.353.3933 or email and ask for our Membership Team.

For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.


Questions/Comments
Contact Natalie Likness, SDBA, at 605.224.1653 or via email.