Due Diligence Response

Purpose

This document is intended to provide information relevant to customers of The Bankers Bank (the Bank), particularly those who use the Bank’s iWeb system. Given the nature of services provided by the Bank, certain documents cannot be released due to their sensitivity and the risk associated with releasing them outside our organization. Accordingly, we will respectfully decline requests for materials such as network diagrams, firewall configurations, and disaster recovery procedures. Items that may be of interest for due diligence purposes are included in the Documents section. To streamline the process, the narrative that follows contains links to the referenced documents.

Financial Information

The Bank is owned by Bankers Bancorp of Oklahoma, Inc. (Bancorp). Bancorp’s financial statements are audited annually by an independent public accounting firm. Audited financial data is contained in annual reports located on the Bank’s public website. As regulated entities, Bancorp and the Bank file financial reports publicly available through the FFIEC. Refer to Annual Reports and Summary Financial Data.

System and Organization Controls (SOC) Report

The Bank contracts with an independent accounting firm to examine its description of the iWeb system and the suitability of the design and operating effectiveness of controls to achieve related objectives contained in the description. The SOC report contains descriptions of the Bank’s control environment and the iWeb system, including authentication, workflow, disaster recovery, and physical and network security. User control considerations are included and should be specifically reviewed and incorporated into control processes at the user’s organization.

Audit Program

In addition to the internal audit and control programs described in the SOC, the Bank contracts for regular audits of its information technology environment. Other external audits dealing with social engineering and network security are also conducted. Results are provided to the Audit/Risk Management (ARM) Committee, a board committee. Any required follow-up is monitored through a management committee and reported to the ARM Committee.

Regulatory Examinations

As a regulated financial institution, the Bank is subject to examinations by State and Federal regulators. Examination results are confidential and may not be shared with outside parties. The Bank was previously designated a Technology Service Provider (TSP) subject to the FFIEC’s examination program for TSPs. The TSP report of examination is available to customers upon request from their federal regulator. Effective December 2015, the Federal Reserve excluded the Bank from the TSP program. As a result, the August 2013 exam report is the last report available to client institutions.

Information Security

The Bank maintains an information security policy and program, which is approved annually by the board of directors. The program contains requirements for: development of a risk assessment; physical and logical access controls; security of data transmissions; dual control procedures; and monitoring systems. The program also calls for employee training related to information security and acceptable use policies. Tests are performed based on the risk assessment. Incident response plans are incorporated into the program.

The Bank has developed and implemented an identity theft prevention program designed to detect, prevent, and mitigate identity theft in connection with the opening of or access to covered accounts. If the Bank detects red flags associated with a customer’s covered accounts, we will notify the customer as soon as possible.

Disaster Recovery

We have a formalized business continuity management (BCM) program, written as a guide to ensure the safety of bank personnel, the Bank’s assets, and all customer information. The BCM program includes, among other components, risk assessment, business impact analysis, strategy and plans for management succession and response to pandemic threats. The program is updated as necessary to incorporate lessons learned from exercises and events. Our business continuity plan is approved by the board of directors, reviewed by auditors and examiners, and tested. Refer to the Business Continuity/Disaster Recovery Tests, which contains a description of tests conducted during the last calendar year.

Following a disaster, our goal is to continue offering essential services for our customers while assuring the safe and sound operation of our bank. In the event of a disaster or other significant event, we will keep our customers informed by posting updates on iWeb and/or our public website. Refer to Business Continuity and Security Summaries and Emergency Procedures for more information.

Privacy / Information Security

The Bank will not share customer information with outside companies or agencies unless it is necessary to process transactions or respond to a request initiated by the customer, or unless we are required to do so by law or court order. Summary information concerning protection of customer data is contained in Customer Information Safeguards.

Insurance

The Bank maintains appropriate liability insurance, including a financial institution bond. Refer to Certificate Of Insurance for more information.

Other Documents

Other items located on the Bank’s website that are relevant to vendor management include ACH Audit Letters (annual) and iWeb User Information. Please note that Regulation F information is contained in the quarterly Summary Financial Data report.
