The CU*Answers Due Diligence page is designed to assist our clients and prospective clients in fulfilling any obligation to conduct due diligence provided by our cooperative.  This “one stop shop” is to help simplify your needs when conducting vendor due diligence.  You can also request SSAE Reports and SSAE Bridge Letters from our Auditing Team.

SSAE Reports Request Form

The SSAE SOC 1 and SOC 2 Reports are our public housekeeping audits covering the primary controls we use to secure our systems. The current audit reporting period is for the CU*Answers Fiscal Year 2021 (October 1, 2020 through September 30, 2021). To request a copy of our most recent SSAE Report from our Audit Team, please complete the form below. Requests usually take 1-2 business days to complete.

SSAE Bridge Letter Request Form

If your auditors or examiners request a Bridge Letter for the period between our SSAE audits, you can use the attached form to receive a Bridge Letter from our Audit Team. Bridge Letters usually take from 1-2 days to complete.

ACH Audit

CU*Answers conducts an annual ACH Audit. Every other year we perform the audit internally by the AuditLink team, followed by an external audit the next year. In 2022, the ACH Audit was performed by AuditLink.

• 2022 ACH Audit
• 2021 ACH Audit
• 2020 ACH Audit
• 2019 ACH Audit
• 2018 ACH Audit
• 2017 ACH Audit
• 2016 ACH Audit

FedLine Security and Resiliency Assurance Program

CU*Answers conducts an annual assessment of the FedLine Solutions Security and Resiliency Assurance Program in accordance with the FRB Services requirements as described at: https://www.frbservices.org/resources/resource-centers/security-resiliency-assurance-program. Below is a link to the latest attestation letter referencing this assessment.

• 2022 FedLine Solutions Assessment Attestation Letter

CU*Answers Financial Statements

In light of the new third party due diligence requirements, we realize that more clients than just our owners need access to our financial statements. Listed below are our most recent published financial statements.

• 2022 Financial Audit
• 2021 Financial Audit
• Quarterly Financial Report
• 2020 Report to Owners

Insurance Declaration Sheet

CU*Answers’ insurance coverage renews every year on December 1.

• 2022-2023 Insurance Declaration Sheet

Software Escrow Certification

CU*Answers certifies the CU*BASE software has been deposited with the escrow agent upon the December release.

• 2022 Certification of Deposit of Software Source Code

Disaster Recovery/Business Resumption

CU*Answers has a very active Disaster Recovery and Business Resumption team. Documents from this team are produced on a regular basis. Both the most up-to-date reports and archives are available on this page.

Executive Leadership and Board of Directors

The most up-to-date information on the Executive Leadership Team and the Board of Directors can be found here:

• CU*Answers Executive Leadership Team
• CU*Answers Board of Directors

Business Plan and Strategic Technology Plan

CU*Answers to encourages our credit unions and CUSO to be inclusive of all owners when it comes to business plans and other business activities that owners might want to take an active part in. It is the difference in a cooperative; the community owns it and should be treated with the respect owners deserve.

To that end, our Business Plan Summary and Strategic Technology Plan are both available online.

Company Background

The most up-to-date background information on our cooperative can be found on our About page.

Policies

CU*Answers publishes policies on cyber security/information security, acceptable use, and other policies of interest to our clients and their examiners.

• Current Policy Manual
• Software Development Lifecycle Policy

Kevin Finneran
Software Development Lifecycle Testimonial
from the 2017 Boot Camps

Alayna Johnson
Software Development Lifecycle Testimonial
from the 2017 Boot Camps

SecuriKey

CU*Answers receives a large number of cybersecurity due diligence requests from our clients. Although we have a vast library of resources, accessing all of this information – especially if there is an examiner in the room – can be challenging for credit union staff. With the need to revise or publish a significant amount of cybersecurity due diligence information, CU*Answers is publishing SecuriKey, Your Key to Cybersecurity.

Each SecuriKey document will have the following features:

• Quick Reference Guide (intended to be something a client can provide to examiners)
• Summary of Features of the Service
• Detailed Risk Assessment Tools
• Ways for the credit union to engage with our teams (e.g. MOP has information for AuditLink for credit unions concerned with the Patriot Act)

SecuriKey Documents

• Its Me 247 Online and Mobile Banking
• MOP – Membership Opening Process
• MACO – Multi-Authentication Convenience Options
• idocVAULT – Core Image Processing

More Information

For more information, or if you have questions, please contact our CFO, Bob Frizzle at bfrizzle@cuanswers.com.

Learn more about Bob Frizzle.

Network Partner

Xtend Due Diligence