Our infrastructure is the result of over 30 years experience managing the BOLI plans of highly sophisticated and discerning banks. If we’re better than others, it’s because our clients demand it. We track current and prospective regulations and continually upgrade our infrastructure to meet or exceed requirements.
Our COLI Administration and Reconciliation System (CARS™), independently reconciles every charge and transaction of your BOLI policy. We are the only BOLI/COLI administrator with a proprietary, automated reconciliation system that mimics the idiosyncrasies of the systems used by five major insurance companies – down to each certificate, Unit Value and Net Asset Value. CARS™ has reconciled more than 150 million transactions and reconciles over $20 billion of BOLI assets each month, and has identified hundreds of discrepancies which manual checks could not have detected.
We apply a robust set of physical and data security controls, subject to SOC 2 audits, throughout our facilities and networks including biometrics, key cards and closed circuit video surveillance. In today’s threatening environment, one can no longer rely on protecting only the perimeter. We implement encryption for data at rest as well as data in motion within our networks and facilities. We also implement secure email configurations with customers and carriers and data loss prevention tools to reduce risks of information disclosure to unauthorized parties. Our mandatory security awareness training ensures that our employees are regularly reminded of our strict data security requirements and informed of the latest threats and strategies of cyber criminals.
As a service organization, our operational and data security is of utmost importance. Our policies and procedures surrounding our physical security, data security environment and business continuity planning are subject to SOC 2 audits.
We are also subject to an annual SOC 1, Type 2 Audit. This audit covers our internal policies and procedures relative to the services performed, physical security, data security and business continuity planning and is provided to clients annually. This provides assurance that our controls were sufficiently designed and operating effectively, which helps fulfill our clients’ rigorous third party oversight requirements.
Being unavailable for a client or unable to deliver timely reporting by a deadline is simply unacceptable. We implement disaster recovery and continuity controls, subject to SOC 2 audits, in multiple layers. Within our primary environments, we identify and reduce single points of failure to allow for consistently reliable delivery of services. Some of these controls include redundant internet service providers and network equipment, implementation of failover clusters, fire detection and suppression equipment, and power generators. We have a highly-virtualized environment which allows for systems and data to be replicated to our disaster recovery site in near real-time and failover to disaster recovery equipment is tested semiannually.
Consistency, reliability and having a path to guide our company are extremely important. Having properly documented policies and procedures is key to achieving these goals. We maintain organizational policies covering countless aspects of our operations including IT and IT security, HR, business continuity, data breach response, subcontractor management, and access authorizations/entitlements. Various aspects of each of these policies are subject to SOC 2 audits.
Our proprietary Stable Value Protection (SVP) stress-testing software facilitates modeling scenarios consistent with regulatory stress-test requirements, including the Comprehensive Capital Analysis and Review (CCAR) exercise, internal budgeting forecasts, and structuring preemptive actions to avoid stable value agreement breaches and other risks. We’ve even used our SVP analytics to reverse an SVP provider’s refusal to approve a reallocation.