Embrace Your Inner Millennial

By: Hayley Haspeslagh, Product Marketing Manager, Geezeo

Some of you may have cringed at this title—after all, who wants to be associated with the Millennials? We know the stereotype of the generation born somewhere in the 80s and 90s who think they’re entitled to a specific way of life and want to change the world (Feel The Bern!), but let’s take a step back for a second and discuss what we know about Millennials and their relationship with financial institutions.

1. Millennials know little about credit unions.

I won’t lie, I’m a Millennial and had very little knowledge of what being a credit union member meant until I began working for Geezeo. Imagine the confusion of the rest of my peers when they hear they shouldn’t be banking with the Top 10. You won’t get our attention with an ad, but 30% of Millennials indicate they’d switch their banking relationship for one free year of banking, 21% for an enhanced digital experience, and 12% for free coffee (yes, please).

2. Millennials love technology.

We can’t live without it. We have most likely had our phones in our hands since our parents bought us our first around age 13. Your digital experience is key to obtaining Millennial members and building lasting connections. In fact, 62% of Millennials link frustration with their bank with tech failure or the inability to carry out an online transaction.

3. Millennials are just like everyone else.

Millennials have expectations… and so do you! Banking can be a chore. When the mobile app is down, who wants to go to the branch? When you need cash, finding the right ATM can be a hassle. All members want a convenient experience using dependable technology to reduce friction. Aside from that? We want an advocate to help us save for each of our goals, pay down our debts and make our financial journey through life as smooth and easy as possible.

Millennials are not the only generation, nor do we want to be. A financial institution should build long-term connections with its members through its traditional and digital banking experience.
For a more comprehensive discussion, join Bryan Clagett, Geezeo’s CMO, at the NAFCU Annual Conference and Solutions Expo on Thursday, June 16 at 12:15pm for the session “Perhaps There’s a Millennial in All of Us.”

Geezeo is the NAFCU Services Preferred Partner for Personal Financial Management (PFM).

The 7 Most Expensive Vendor Management Mistakes

By: Patrick Goodwin, President of Strategic Resource Management, Inc. (SRM)

Financial institutions are full of smart professionals—straight shooters who know how to judge character and structure a deal. But even the wisest among them overlook savings opportunities when dealing with third-party vendors.

Pressed for time and facing salespeople determined to sell their services at a premium, these otherwise successful professionals can find themselves at a disadvantage and end up paying for it. From the insidious to the emotional to the downright dangerous, here are the most expensive mistakes credit unions make with their vendors—and how to prevent them.

It’s a headache and a hassle to bid out every contract—but it gives you the pricing, terms and market intelligence you need to negotiate a fair deal. Begin the bid process within 24 months of your current contract’s expiration to maximize leverage and never tell a vendor that you aren’t entertaining other options. You will lose every bit of leverage you have.

Don’t just collect RFPs—consider the possibility that another vendor might be a better fit. Credit union executives have a fiduciary duty to the board and shareholders to run operations as efficiently as possible. While most of our clients stay with their existing vendor, they take the time to ask if a new vendor might help them achieve their goals in a changing marketplace.

Are you asking the right questions of third-party vendors? My experience suggests you aren’t. This is the biggest mistake I see financial institutions make, and they have no idea they are doing it. The vast majority of institutions won’t get what they need to accurately compare pricing and terms because they are asking the wrong questions.

For example, don’t just ask vendors for pricing. Give them the pricing model nomenclature you want to use. Avoid surprises by making sure the RFP requires vendors to itemize what they will and won’t charge for.

It’s the most common mistake I see. A financial institution doesn’t have a contract management system in place or the person who first negotiated the contract loses track of deadlines and suddenly a contract is renewed for two or more years. I’ve even seen auto-renews for the full length of the original contract—as much as 7 years—if there isn’t 180 days’ notice. By the end of the renewed contract, the institution would have pricing that is 14 years old!

Avoid this problem by putting contract management policies and procedures in place, using software or by hiring a third party to stay on top of contract expiration dates. Contractually limit auto renews to 12 months and be sure to cap fee increases.

You’re focused on joining up with a new vendor, not thinking about the day the relationship ends. Yet some day you may want to leave your vendor. If the cost is left up in the air, the charges will be at the discretion of a potentially punitive vendor.
Address this head on by talking to your vendor about deconversion costs during contract discussions. Vendors are very open to negotiating this fee at the beginning of a relationship and are often willing to cap it at a fixed amount since it won’t cost them anything up front.

Sales representatives do an incredible job building relationships. They take you and your staff to lunch or the golf course. They remember your birthday.  When it comes time to renegotiate your contract, many financial institutions are uncomfortable putting the contract out to bid because they don’t want to hurt the rep’s feelings or worry that they won’t get the same level of service.

That’s exactly what your vendors want you to think. Vendors don’t want you to go through the bidding process because they don’t want you to have competitive market intelligence—but they’ll easily forgive you. That’s because vendors want to retain you as a client. They aren’t going to dump you just because you considered other options.

Avoid the drama and perceived hurt feelings by setting policies and procedures regarding what gifts employees can receive from vendors. Set policies requiring that major vendor contracts are put out to bid so staff can blame the policy for the RFPs. Let someone who can keep emotions out of the decision handle negotiations.

Too often financial institutions negotiate long-term contracts without taking the time to forecast where the institution will be in three, five or seven years—or they misjudge how much the institution will grow. If a contract is designed around incorrect assumptions, it can blow the budget or prevent the institution from reaching its goals. I often see clients outgrow contracts in just three years.

Contracts should be designed with growth parameters that give an institution the flexibility to accommodate growth. If you’re not sure how much flexibility you can push for, find someone with the experience to know.

These are just seven of the most expensive third-party vendor management mistakes, but there are many other ways to get tripped up. Make sure you have the right policies, procedures and knowledge in place to ensure you’re getting the best value and terms for your institution.

Strategic Resource Management is the NAFCU Services Preferred Partner for Vendor Cost Benchmarking and Negotiation Services.

Data Breach Response Planning Best Practices

By: Ann Davidson, VP of Risk Consulting at Allied Solutions

There is a high likelihood another large data breach will occur in 2016, so it is essential your financial institution is armed with a written data breach action plan that includes steps to prepare for, respond to, and recover from an attack. Provided below are best practices your credit union can take to help mitigate the financial and reputational impact of a potential data breach on your financial institution and members:


  • Establish a formal data breach response plan
    • Name your team
    • Review plan annually
    • Submit to Board of Directors (GLBA)
  • Conduct annual trainings with employees on data breach awareness and response
  • Run tabletop exercises and/or mock data breach drills annually
  • Create a security fund for unpredictable external and internal breach costs


  • Develop an internal breach action plan
  • Designate resources to draft notification letters, employee scripts, FAQs, press releases, etc.
  • Adopt fraud investigation and credit monitoring services
  • Give away entitlement to services up front to create more value and offset cost at breach


  • Consider outsourcing with a qualified organization for the following professional services:
    • Fraud counseling service to take calls, provide guidance, place fraud alerts, etc.
    • Call center service to provide multilingual enrollment assistance
    • Identity advocate service to provide identity theft investigation and recovery

Read the Data Breach Preparedness Checklist produced by NXG Strategies or watch the recording of our webinar to learn more about how to build a strong data breach response plan.

Allied Solutions is the NAFCU Preferred Partner for Insurance—Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP); and rateGenius. Learn more at www.nafcu.org/allied.

Top 3 Cybersecurity Metrics To Begin Tracking

By: Melissa Stevens, Senior Digital Marketing Manager, BitSight

Creating a vendor risk management program is of utmost importance in today’s threat landscape. So if you don’t have a program in place already, you may be wondering where—and how—you should get started. One of the building blocks for any security program is the creation of actionable cybersecurity metrics. These will help you go beyond “yes” and “no” answers in your own organization (and your vendors’) and see exactly how well-prepared your company is to protect against cyberthreats.

Below, BitSight has outlined three of the most important metrics your credit union should start monitoring right away.

1) Number of botnet infections per device over a period of time.

This is, without a doubt, the number one cybersecurity metric that every credit union must monitor. By examining how many botnet infections have taken place on your network—and what types of botnets you’ve dealt with—you can better prepare for (and protect yourself against) these types of attacks.

For example, if your organization is able to successfully track this metric, you may be able to shorten the detection deficit. Let me explain. The quicker you can identify a security breach or incident and fix it, the less likely you are to have something catastrophic happen to your organization. In other words, the greater the speed at which you can identify that something is happening on your corporate network and appropriately respond to it, the greater the likelihood of preventing the hacker from getting a foothold in your organization. If you’re able to keep that amount of time as close to zero as possible, you’ll be in far greater shape.

The problem is, many organizations don’t just have a gap of minutes between the intrusion and the solution—sometimes it takes them hours, days, weeks, or even months to identify and fix a security breach (this is where the term “detection deficit” comes in). By closely monitoring the number of botnet infections that take place on your corporate network—and the time it takes you to remediate those infections—you’ll be taking important steps toward reducing this deficit.

2) Percentage of employees with super-user access who are monitored.

Whether through an insider who has decided to go rogue or an external attacker who is trying to take advantage of someone’s super-user privileges, gaining control of “the keys to the kingdom” gives a hacker everything they need to take control of a corporate infrastructure and wreak significant material damage. Knowing who has super-user access and monitoring those individuals closely for internal or external issues is a very important metric for this reason. This will also give you enough insight to determine whether you’re providing too many individuals with unlimited network access, so you can restrict privileges to those individuals who actually need them.

3) Percentage of critical vendors whose cybersecurity effectiveness is continuously monitored.

Traditional vendor risk management practices only offer you a snapshot in time. Even if you perform audits, penetration tests, and vulnerability scans, you still won’t know what’s going on with your vendors’ security on a day-to-day basis. But continuous risk monitoring changes this. It allows you to look at the third parties you’ve deemed as critical—usually those who have access to sensitive data or direct corporate network connections—and determine in real-time how they’re performing in regard to cybersecurity. This will allow you to make data-driven decisions about those vendors that are best for your organization.
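The three metrics above, computed from incident and inventory records. This is an added example, not BitSight's method or code from the article: every device name, botnet family, timestamp, user, vendor and function name is constructed, and it assumes your incident records carry an estimated first-activity time alongside detection and remediation times.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data: one row per botnet infection.
# (device, botnet family, estimated first activity, detected, remediated)
INFECTIONS = [
    ("teller-ws-01", "family-a", "2016-03-01T08:00", "2016-03-01T20:00", "2016-03-02T08:00"),
    ("teller-ws-01", "family-b", "2016-04-10T09:00", "2016-04-13T09:00", "2016-04-14T09:00"),
    ("loan-srv-02", "family-a", "2016-04-20T00:00", "2016-04-20T06:00", "2016-04-20T12:00"),
    ("atm-gw-03", "family-c", "2015-12-01T00:00", "2015-12-15T00:00", "2015-12-16T00:00"),
]
DEVICE_COUNT = 4  # assumed size of the monitored fleet
# Constructed inventories: name -> is this account/vendor actually monitored?
SUPER_USERS = {"alice": True, "bob": False, "carol": True, "dave": True}
CRITICAL_VENDORS = {"core-processor": True, "card-network": True, "it-msp": True,
                    "statement-printer": False, "online-banking": False}

def _ts(value):
    return datetime.fromisoformat(value)

def botnet_metrics(rows, device_count, start, end):
    """Metric 1: infections per device detected in [start, end), plus how long
    detection and remediation took (the 'detection deficit' the article describes)."""
    window = [r for r in rows if start <= _ts(r[3]) < end]
    detect_h = [(_ts(r[3]) - _ts(r[2])) / timedelta(hours=1) for r in window]
    fix_h = [(_ts(r[4]) - _ts(r[3])) / timedelta(hours=1) for r in window]
    return {
        "infections": len(window),
        "per_device": len(window) / device_count,
        "families": sorted({r[1] for r in window}),
        "median_detect_hours": median(detect_h) if window else None,
        "median_remediate_hours": median(fix_h) if window else None,
        "worst_detect_hours": max(detect_h, default=None),
    }

def coverage_pct(flags):
    """Metrics 2 and 3: share of super-users or critical vendors being monitored."""
    return 100.0 * sum(flags.values()) / len(flags) if flags else 0.0

def report(start, end):
    metrics = botnet_metrics(INFECTIONS, DEVICE_COUNT, start, end)
    metrics["super_users_monitored_pct"] = coverage_pct(SUPER_USERS)
    metrics["critical_vendors_monitored_pct"] = coverage_pct(CRITICAL_VENDORS)
    return metrics

if __name__ == "__main__":
    for name, value in report(datetime(2016, 1, 1), datetime(2016, 7, 1)).items():
        print(f"{name}: {value}")
```

Tracking the worst case next to the median matters here: a single infection that went unnoticed for days is the one that widens the detection deficit, even when the typical case looks healthy.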

BitSight is the NAFCU Services Preferred Partner for Cybersecurity Rating. Learn more at www.nafcu.org/bitsight.

An Underestimated Issue: Disability Insurance Awareness Month

Approximately every 7 seconds, a working-age American suffers a disabling injury or illness that will last for at least one month.1 If this happened to your members, would they be able to make their loan payments or pay their bills?

May is Disability Insurance Awareness Month. It is a great opportunity to share the importance of protecting what matters against the unexpected with your members.

Consider the Facts

“According to industry studies, more than 20% of workers under 40 say they are more likely to win the big lottery jackpot than become unable to work due to illness or injury2,” says Ryan Frantzen, National Sales Director of Securian’s Financial Institution Group.

“There is a major disconnect between what people think may happen and what actually may happen. We feel it’s important to help financial institutions inform their customers and help them plan to be smart, not lucky.”

Take Action

You can take action and help reduce your members’ financial burden in the event of an unexpected disability with mortgage disability programs designed to provide for payment of monthly mortgage loan payments.

Talk to your members to see if they would be prepared or able to pay their bills or mortgage without a paycheck.  Securian’s programs may help them cover these payments for a certain time frame and protect what matters.

While we highlight the importance of disability insurance awareness during the month of May, it’s imperative to share this information with your members throughout the entire year.

For more information, please contact Ryan Frantzen at 651.665.1497 or ryan.frantzen@securian.com.



Securian is the NAFCU Services Preferred Partner for credit insurance and debt protection solutions for credit unions. For additional information and educational resources from Securian, visit www.nafcu.org/securian.



1 DisabilityCounter.org, America’s Disability Counter, (data is updated periodically)

2 Council for Disability Awareness, 2014 Disability Awareness, 2014 (page 3)