South Atlantic Bank, a community bank in Myrtle Beach, SC with an asset size of 1.5 Billion and 170 employees, was grappling with a critical challenge: keeping up with regular security, permission, and authority reviews across their extensive network of banking systems. One of these systems was Jack Henry Silverlake, a core processor with over 3,500 permission options, adding additional complexity to the already cumbersome task. Kimberly West, the Information Security Officer at the bank, identified that the team often had to settle for minimum-effort reviews due to time constraints. She cited the limited hours in a workday as a significant hurdle to performing in-depth reviews, emphasizing that this compromise made them susceptible to human error and raised concerns about their adherence to FFIEC’s August 2021 guidance on authentication and other regulatory requirements.
“I was only doing the bare minimum reviews because they are time-consuming and there’s not enough hours in the day, and I was doing more frequent reviews but concerned about missing a change.”
- Time-Consuming Reviews: With 20+ high-risk systems, requiring regular scrutiny, along with the added complexity of the applications like the Jack Henry Silverlake 3,500+ permission options, the task was overwhelming.
- Risk of Human Error: The manual nature of these reviews and the complexity introduced by systems led to a high potential for mistakes.
- Compliance Concerns: Struggling to meet FFIEC’s authentication guidelines posed significant risks, including regulatory and legal repercussions.
- Cyber Insurance Risks: Inaccurate or incomplete reviews could jeopardize their cyber insurance coverage, and the ability to validate management of access to the principle of least privilege.
South Atlantic Bank adopted Finosec’s user access reporting solution, a system designed to automate the intricate process of tracking user permissions across a multitude of systems, including the complex core processing system.
“Finosec is the answer. There is a way to reduce the time AND have 100% accuracy. With Finosec, it is possible, efficient, and effective!”
Finosec’s focus on changes and privileged access streamlined the review process.
The solution was aligned with the FFIEC authentication guidelines, simplifying compliance maintenance.
With Finosec, the bank could more effectively prepare for future exams or audits.
Kimberly and her team experienced substantial time-saving benefits, allowing for more strategic work.
The risk of human error was drastically reduced thanks to automation.
Armed with detailed and precise reports, the bank felt more confident going into regulatory exams or internal audits.
The bank is now better poised to meet FFIEC guidelines, reducing its exposure to legal and regulatory action.
The accurate and comprehensive user access reports facilitated accurate completion of cyber insurance questionnaires, reducing the risk of claim denial.