The Banking Buzz: Staying Audit-Ready: How Alogent’s ECM Suite Strengthens Compliance

Hello all and welcome to today's webinar. My name is Cara Telkut and I am the Marketing Communications Coordinator here at Allergan. I'll be your moderator for today's webinar. We'll be going over how to strengthen your compliance efforts and ensure that you're audit ready with Alligent's comprehensive ECM suite. We have two great speakers here with us today to share their insights. Jamie Biggs, our sales manager for AccuAccount and Cameron Marks, the director of product management for FastDocs. If any questions come up during the webinar, feel free to type them into the chat box. We'll have a designated Q and A segment at the end to answer any questions that may come up. And with that, I'll hand it over to our speakers to kick things off. Great. Thank you, Kara. So just reviewing our agenda for today, we'll talk a little bit about, who is Allergen and where do we play in the market and how, do we bring products to market that benefit our banks and credit unions? And for today, we'll talk about, audit and compliance and the relevance that our ECM products have in that space and and some of the obstacles that our financial institutions run into. And then we'll dig into a little bit of a feature showcase on our ECM products and how, potentially those help you solve problems in your in your organization around, audit and compliance. So at Allegiant, we we bring new approaches and technologies and solutions to market, really, with the goal of enabling efficiencies in the operations, areas of your financial institution. In automating the ecosystem, Really, Alligent excels in payments and deposit solutions, digital banking. And with today's focus on auto and compliance, we're really gonna center on our electronic content loan management solutions. Now each of these product areas at Alligent, they don't merely exist as product silos, but they serve to create a technical ecosystem, with common integration points and a cloud hosting capability, and and all of this under the umbrella of of data security as an overarching principle. And so beyond our solution platforms, we have a broad base of, banks and credit union customers on our platforms. And some of the challenges that that come with, with audit and compliance are are things that we'd like to dig into as they relate to our our content management solutions and help us at Allogene guide our investment in our solutions, as we add features to to our existing products. So at this point, I'm gonna hand over to Jamie to talk about, some of the current challenges with audit and compliance. Absolutely. Thank you, Kim. So we see several challenges come up very regularly with our financial institutions. So just a quick review here of what we see come up very often, challenges with managing logs. Who is responsible? Where are they gonna be stored? How are they organized? Are they on a schedule? How often do they need to be pulled? So there are several, challenges around managing logs. Also, paper audit files. They take hours and hours to prepare. So, you know, once you pull those paper files, verifying everything is there, finding lost files when, people have those files checked out and there's, you know, certain documents in people's desks and whatnot, and then the challenge of refiling everything after the audit is complete. So those paper audits take a very long time. We have exception tracking challenges as well, especially on commercial loans just because of so many documents that are reoccurring or expire within these files. And spreadsheets aren't always kept up to date. Employees forget to make updates to them. You have to manually add, update, or move items. So just struggling to stay up to date on reoccurring documents such as financials comes up very often. For document and account access, we're always looking at how are demographic how's demographic information managed, who has access to those, what about employee files, who has access to specific documents, and how do you restrict that access. So that that's a big challenge is coming up with ways to manage that information. And then retention. So also having to come up with ways to track retention on accounts and documents, how are documents that need to be kept permanently handled. So several challenges, around audits and compliance. So Cam is gonna go ahead and talk about some of the common findings that we experience as well. Yeah. Thanks, Jamie. So some of the common findings in an audit and compliance, particularly under an audit, findings around weak access controls, the loan and underwriting document issues, incomplete or missing documentation, or policy exceptions that weren't properly approved. And then also the segregation of duties, making sure that people, only have access to the data for which they they need to fulfill their job functions. So so some of these common, audit and compliance findings are related to the document and content management, that support that support banking activities, and they're they're in the areas of access controls for documents and content. So with recent clarifications to the Dodd Frank Act and Fair Lending Enforcement, it highlights the need for appropriate access controls, to borrower information collected during the loan application process. And then with respect to underwriting and documentation issues, findings reflected a need to accurately track documentation and exceptions, related to that lending process, as well as that proper documentation and approvals around those those policy exceptions where you deviated from a standard policy that needs to be, supplemented with with the proper approvals. And then implementation and enforcement of the that segregation of duties is a common finding and something that, really, we look to, a software solution to help us implement from a policy perspective. So now we'll talk a little bit about, the Allegiance solution. So in light of the the challenges that Jamie discussed and and some of the common audit finding findings that I related, we want to explore Algent's products and highlight some of the capabilities of our ECM solution. So Jamie will do a deeper dive into integrated exception tracking and the benefits and capabilities of of Algent, products associated with this part of your commercial lending process. And then from there, I'll explore, the impact of automated retention along with granular permissions and security at the document level. And then Jamie will wrap up showcasing, audit logging, reporting cape and the reporting capabilities, of the ECM Suite. So now I'll hand back to Jamie for some of this feature discussion. Absolutely. Thank you. So we're first gonna talk about the integrated exception tracking that is offered for our products. And a big part of this is tying when you're collecting these document images together with the exception tracking that you're going to see on your reports. So for the imaging, especially being commercial lending focused, we will have prebuilt document exception structures that drive your requirements either by customer or member or your loan and collateral types. That's really gonna drive what documentation is going to be required and what you see tracking on your reports. We have several ways that we can get documents into the system. We have integrations that can be set up to bring in documents, if you're doing an LOS or an esign product, if you're using another third party, we can bring in those documents automatically. We offer different options for paper files. So desktop scanning, barcode scanning, batch scanning, using your multifunction devices, several different ways that you can get those documents into the system. We also offer traditional upload of, electronic files and drag and drop features. So that's really nice when you get a document emailed to you that you can take that attachment from your email and drag it right into the software. You don't have to save it. It's a very quick process for getting those documents into the system. So around all of this, we have, restrictions, based on the Dodd Frank app tying into the document security when you're adding these items into the system. So this will restrict access to these document images for specific users that you specify. So you have complete control over what documents are going to be visible, for different items that need document security. That could also be on employee files. So when we're collecting those document images, that ties into our integrated exception management. So we have several types of exceptions that can be tracked in the system. We have missing exceptions. So what's nice about this is once document structures are prebuilt for a specific customer or member type and then your loan types, collateral types, we will go you're gonna track anytime a document is missing. So we will truly look at if an image is or is not there. If it is not there, it's going to track a missing exception on your reports and on your dashboards. Once you image that document, it automatically clears that item right then and there. So you're only having to manage the document images in order to track exceptions. You never have to go in and do separate work on your exceptions. And the second item you see here is for expiring documents. So these are gonna be actual documents that truly do expire in your system, such as an insurance an insurance document. So when that file gets imaged, you'll enter the expiration date of that document, and we're going to track an exception based on that information. So once the document expires, that's going to start tracking on your dashboard and on your reports automatically. You can also set up a lead time on those. So if you want something to track ten days before, thirty days before, maybe it's a UCC you wanna track a hundred and eighty days before. You have full control over those lead times, and those will start showing up on your reports that far in advance. Once you collect the new item and you update the expiration date, that automatically clears the exception. So once again, you're only updating the document information, and all the exception tracking happens behind the scenes automatically so you don't have to do anything manually. We also offer task exceptions, which are truly that. They're a free formulae that you can track something in the system on your reports or on your dashboards. So this could be as simple as you need to call the customer, you need to do an annual review, you're you're missing something, you wanna take the customer out to a to lunch. I mean, it really can be whatever you want to track, and it's a nice way that you can add something custom and build reports around that information. We do automated reporting for any type of exception that tracks within your system. And what this means is you can set up unlimited subscriptions to these reports to be emailed out on a regular basis. So if your officers need to get their exception report every Monday morning, your branch manager needs to get it monthly, your regional needs to get it quarterly. You can set up all these different subscriptions on any schedule that you would like so that the exceptions can be worked right from that email report. They don't technically ever have to get into the software. We also tie notices to all the exceptions that are tracking. So you can go in and define when you want a notice to be generated out to your your member or your customer, or it can be sent to a third party to collect that information. And it will also combine multiple exceptions onto one letter for anything that's tracking for that member or customer's page. We do keep a history of those notices that get generated, and we are just now releasing a new feature where you can do staged notice letters that'll let you build a first, second, and third notice to be generated out to your member or to your customer. So that's a high level on the exception management, and Cam is now gonna jump in and talk about retention. Great. Thanks, Jamie. So with respect to to retention, it's, it's a key component to, your document, document management policy. Can be regulatory and compliance mandated, and certainly would need to fulfill your internal policy. So by identifying and implementing your institution's retention policy as part of your ECM implementation, this enables you to use the solution to enforce your policy. And so by doing this, it takes the human error element out of the equation and applies your policy uniformly and enables document document management, or account specific, permanent, or per even permanent retention decisions. And all of those decisions are made to match your policy and and regulatory requirements. Additionally, this can be viewed directly in the user interface, specifically in your my recent documents. Documents that you've recently interacted with, you can see specific retention and expiration assignments for documents that you've re you've recently viewed. And then additionally for you know, ideally, this is implemented, as part of your, your implementation process, and you've reviewed your policy and worked with Alligent staff to to deploy that as part of your your document templates. For existing customers that need to modify, those retention or storage, assignments, we have, a tool called our storage class maintenance tool, and this can be used to adjust retention rules, for existing documents within the system. Now, from there, we'll talk a little bit about security. So taking a multifaceted approach, to document security, that serves to ensure the segregation of duties that we talked about earlier. And, this can be implemented within your organization. Document access can be controlled, based on the document type along with metadata on the document and controlled through in also controlled in the document itself through redactions. So an employee designation, can also be applied for in entities within the solution, and this serves as an additional layer of of security. And then document security is mediated by, user and role based, authorization. So when practical implementation is part of, a document template, a default security group can be defined for each document type, And then this metadata is accessible in the document content viewer, as shown here in the security group assignment for documents coming into the system. And furthermore, should documents document information, need to be redacted from a document, that redaction, can apply an elevated security authorization. And the impact that this has is that it implements your your your compliance policy ensuring that only authorized individuals have access, to information, and and that in that access is defined by their job functions, required to perform their duties. So with that, I'm gonna hand back over, to Jamie to talk about our audit module. Perfect. Thanks, Cam. So the audit module is a great feature. We talked about how long managing paper files can take when you're building out these audits. So really using an automated system when you are imaging your documents, takes preparing for audits from days to just a couple hours or less. If it is something a little bit smaller, it can even take minutes to build these audits because you're just going in and searching for the files that you want to be included, and then you can give your auditors that specific information without allowing them into your imaging system whatsoever. You can build out these audit files based on your customer or member information, the loan collateral or account information. You can even narrow down specific documents that get included in these audit bills. So there are options for exporting this data, viewing it. If your auditors are on-site, they can be given the URL directly to this information without having access into your imaging system whatsoever. These audits can also be put on a disk, a jump drive. They can be up uploaded to, a secure FTP site. So there's a lot of different options for getting this audit information over to your auditors or examiners without allowing them access into your system. So it really does restrict what they can see, so they're only getting their requested information. And, again, the bigger part of that is just how much time it's going to save you building out these audit files. Then jumping into reporting. So we have several reporting options that are available. Any of the reports can be pulled on demand or they can be set up on a subscription schedule, as I had mentioned earlier. Some of the, different reporting options that we see available, we have the user access report. So this allows you to see exactly what your users are getting in and accessing, what when they're getting into the system, what permissions they have. So there's a lot of different reports built around that user access. We also have document access reports where you can track what documents are being viewed or what documents are being edited in the system. So you can see everything being done within your imaging system. We have exception reports, which are probably our most popular reports that are used to track all of your missing and expired items. You can set up aging reports. You can go in and track how long the items have been outstanding, the automated reporting again to send those those, reports out in an email on a regular basis. And you can create your own reports as you see here. We have a report that gets created, and you can build what columns you want, how it's sorted, do different filtering options. You can move around your columns. You can do anything you'd like in these reports to generate exactly what you're wanting to see. So these can be exception reports. These could be data reports if you wanted to see, you know, all loans that are booked in the last ten days. You have your audit log reports, audit trailing reports for documents. And then again, these could be emailed. You can share them with other users. You can export the the data and so on. So you really have a lot of flexibility with what you can do on these reports to help manage what information is being accessed and organize that that data so that you're getting it on a regular basis. So we're gonna go ahead and wrap up now, by looking at, any questions that you have, and I'll turn this back over to Cara. Thank you so much, Jamie. Looks like we had a couple that started coming in. First off, are there guidelines or best practices for document retention that you can share with us? Yeah, Carol. I'll take this one. Yeah, there are absolutely some guidelines that we can share with with our with our customers. Really, this centers around, using the software to implement your policy and taking a look at the types of documents stored within the system, the regulatory requirements around the retention of those documents, and your internal policy, and incorporating all of those, factors into, the assignment of a retention period for documents. Thank you. Let's see. Another one. For the security to restrict access on document with demographic information, is that sitewide, or is that or can that be set up per user? I'll go ahead and take this one. So you can restrict it sitewide. You can go into the specific documents that, you are imaging to and tracking within your system to mark it as a document that has demographic information. You can then go in per user and say which, which users can and cannot view that information. So it's kind of a two part process, but it gives you a lot more control over who can and cannot see those documents. Thank you. Let's see. Do auditors need to be on-site to access the audit files that are created? I'll take this one as well. They absolutely do not, which is the beautiful thing about this is you can take these audit files when they are created out of the system and give them to an auditor or an examiner, in in, some kind of an external drive or on an FTP site. So however they want to access that data, they can still get it. And, of course, they can view that information if they're on-site as well without accessing your imaging system. Thank you, and it looks like we have just one more in the chat. Can the employee designation be used to restrict document access to just supervisors or managers? Yeah. I'll take this one, Cara. So the employee designation is is an an important one in your institution. Having that designation applied for, members or customers that for for whom you are storing and retaining documents, is critical because it allows you to set a specific, security restriction and only allow, supervisors or managers or designated group, to have access to their coworkers' documents. And, really, that's an important an important thing for not only your, your customer member privacy, but also your employee privacy. Thank you. Looks like that's it. So thank you everybody for joining us today. If you have any additional questions, please reach out to marketing at alligent dot com or through the website. And make sure to check out our events page for all future webinars. Your we appreciate your time with us this afternoon and have a great day.