Credit Union Mergers – Mitigate Technical Risk

March 18, 2009

From my point of view a credit union merger is a ‘non-trivial’ event, however I am excited about the opportunity that this provides both entities from a technology perspective. A small credit union can come out of a merger stronger, leaner, and more efficient than before. This is an opportunity to streamline, achieve economies of scale, and combine the best of each entity while discarding the unworkable elements. The following are a list of good questions to ponder with your teams. Here is a short list of what I would consider to be the ‘tough stuff’ from a voting and discussion perspective between teams.

Technical Systems Integration Planning Steps

  • What is the plan for the coexistence of two (separate) LAN and WAN networks and what is the end state goal?
    •  IP Scheme – bridged/ routed network
    • Are the Credit Unions using disparate core systems? Different Versions? Do they have conflicting IP Scheme requirement?
  • What are the deadlines that need to be hit so that they details can be coordinated?
    •   IP Scheme
    •  Printing (Sharing, Services, Drivers)
    • Bandwidth
    •  Routers
  • What is the plan for the convergence of credit union peripheral hardware convergence?
    • Signature pads
    • Receipt Printers
    • Scanners
    • Check printers 
  • How will imaging be merged, including the old that may need to be kept for 7 years? What is the plan for current and historical images? What is the final imaging goal?
  • How will old core system records be kept (Core historicals, etc.)?

Internal Questions

  • What is the end network design?
    • WAN Architecture
    • Integration
    • POP Diversity
    • Redundancy
    • Encryption
    • QoS – quality of services to protect VoIP integrity
  • Can the credit unions use each other for DR?
  • What services will be shared?
    • Active Directory
    • Email
    • Files
    • SQL Databases
    • Domain Controller Authority
    • Imaging
    • Domain Trust
      • Is Microsoft SBS involved? If yes, there are important trust planning considerations.
  • Will Microsoft licensing be audited to take advantage of consolidation? Use a merger to negotiate and consolidate licensing.
  • What is the plan for enterprise back-ups long term?
  • How will the phone system be consolidated and converged?

So here is the summary of my merger material. I have collaborated with a couple of team mates to put this 2 part series together for everyone. I hope you like it and that it was useful to you.  



Considering a Merger? Is the Time Finally Right?

March 5, 2009

With the economy shifting south, coupled with the NCUA assessment fee to bail out the Corporate Credit Unions, small credit unions can combine forces to compete better and provide more value to their membership. I am observing a trend toward small credit unions merging on a much more rapid scale than I have seen in the past. The merging of credit unions is not noteworthy in and of itself, however I do believe that mergers that combine to reach the $100 million plus range are going to increase.


When considering a merger, it is critical to establish relationships with experts you can turn to if you go forward. These experts should span all operations in the credit union, and be able to weigh in on questions such as:


· What are the best practices in merging a credit union?

· How do you merge IT departments without adding risk?

·  How to plan for and cut waste during a merger?

·  How can risk be mitigated?

·  What is the best way to leverage the opportunity to build in efficiencies?

· What functions can be strategically outsourced?

· What processes can be integrated?

· How should IT integration be handled?


Credit Union Merger Questionnaire – Information Technology

The following questionnaire pertains to the last point, and represents the starting point for planning and implementing effective IT integration for a credit union merger. These questions are intended to bring up important issues that must be planned for in the IT space, and to start discussions that will lead to effective decision making.


High Level Objectives/ Co-Existence Plan

  • Is the objective for the merger:  To attain one united front or identity with the leveraged strength of a partnership……
  • or is the goal of the merger to  maintain dual identities with the leveraged strength of a partnership?  
  • What is the plan for the existing domain names and the new domain name? Is there a timeline set for the sites to disappear and one to replace them, or will the old sites remain in place?
  • What is the plan for the email utility in the new entity? What is the timeline for implementation? Will there be coexistence of emails between domains?
  • How will home banking be presented to the members? What is the timeline for the change?
  • What SSL Certificates can be merged, deleted and/or re-used (web sites, ssl vpns, etc.)?
  • Is there a common encryption policy for sending information to third parties ( e.g. credit card processing via PGP, or does one of the entities have ZIx email encryption)?
  • What is the encryption goal? Are there any vendors that require specific encryption technology?
  • What is the end goal for the phone system and call center/ member services? Is there a timeline set for the convergence of the systems?

o        PRI analysis – what is the call routing plan?

o        Are you launching with core phone system functionality first and then integrating Call Center functionality after the merger?


  • What is the goal for integration and collapse of the networks (WAN – MPLS)? Applications  (like imaging, etc.)? Data bases? Other elements?

o        Has a cost analysis been completed for the infrastructure WAN collapse of the two entitities? Data, Voice (long distance/local)

o        What questions does one need to ask when integrating carriers – Sprint, ATT, Qwest, Verizon, and Paetech for example? (This blog link is an overview of questions to ask.


  • How are third parties (PSCU, FedLine, DI, etc. ) being addressed? Which third parties will remain? Are there redundancies? Which ones are going away? 


On my next post I will examine most technical questions that I have to ask myself when helping a credit union during a merger. 



Drive IT Costs Down with Server and Desktop Virtualization

February 13, 2009

The more I visit with my clients I see the effect that server virtualization is having with credit unions. 4 years ago when I started recommending virtualization strategies all I heard was crickets. Now the tide has changed and literally the only question to ask oneself is, “Why am I not virtualizing?” In today’s environment the reality is, that questions are being asked, “can I do more with less?” VMware and Microsoft Hyper V give credit unions this flexibility.  I have a few items that I list below which I believe need to be brought to the table prior to implementing virtualization. I am going to be writing more on this subject over the next few weeks. Virtualization is analogous to a carpenter buying a ¼ inch drill bit. A carpenter doesn’t want a ¼ inch drill bit; what he wants is a ¼ inch hole. No one wants virtualization. What people want the benefits of virtualization. Here are a few of them and some planning questions to ask.

  • What actual hard costs are you looking to save? For example, I have a client who was adamant about not doing virtualization until midway througha data center upgrade project shesaid to me, “how canIsave onsome rack space? I don’t want to buy another rack ifI don’tneed to.” I replied by pointing to 4 servers and saying, “those 4 servers can all be virtualized into one.” These were very old Microsoft 2000 and 2003 servers that she has no intention of upgrading on the short term. Walla – she saves on rack space, cooling costs, server hardware costs, etc.
  • Snapshot VMs – consider if this is one of your goals.
  • If HA (high availability) and snapshot’ing of VMs is important you will need to look at iSCSI SANs as a backend to the Virtual Servers in order to enable this functionality.
  • Consider HA with virtualization on your LAN. I have several credit unions that love this. They have long term goals of growing the environment to support FR needs,etc., but on the short term all they want to be able to do is server consolidation and have a more stable and reliable server infrastructure.
  • They want to be able to do server upgrades and patches and have instant recovery to application failures

I have worked with Joe Fletcher with Johns Hopkins Federal Credit Union for several years and I think one of the ways to review the value of a technology and a strategic path chosen is to see it in action. Joe is a strong IT credit union leader in the mid atlantic area and has experienced the following benefits from VMware virtualization and iSCSI SANs. Here is a listing of his successes:

  • Budget, he has been able to cut costs significantly because of the recent increase in web servers. His core processor is requiring the CU’s to provide more hardware for web based applications than ever before. My client has been able to virtualize all of these applications. He also upgraded many of his older servers to new version of Windows without the expense of buying physical hardware. Finally, he was able to build this environment in one budget cycle by adding the hardware costs for the core required web servers and reaching the same total as purchasing two LeftHand SAN’s, VMware enterprise licensing and HP Procurve Gig Switches.
  • He is thrilled with performance of the machines and the ease of setup, both on the VM and LeftHand side of the fence. VM to VM performance has been great; and he is upgrading core switching to increase the other performance. He has also been working with his core providers to virtualize other applications to improve performance.
  • Consolidation. With old core systems having to remain up for 6 years and a lack of space in general the ability to get rid of 15 servers has opened up the datacenter, making airflow better, making the DC cleaner and giving them room manage the servers without stepping over machines.
  • Disaster Recovery. This meets his overall goal of portability and recoverability. Eventually the branch office will have a replicated SAN and ESX hosts for recovery in the event of a disaster or more likely a small issue like power failure or hardware issues.

Drive IT Costs Down with Desktop Virtualization VDI

February 7, 2009

I almost forgot to mention that I have been excited about this concept of desktop virtualization for a long time. I have only 2 customers out of 40 credit unions who are fully deployed on thin clients using Citrix. The client side requirements for Citrix have usually made the technology a show stopper due to the raw horsepower needed from internal credit union IT staff and consultants to get all the mapped drives, printers, scanners, etc to work properly. Don’t get me wrong, I love Citrix. I have been a huge supporter of Citrix since back in the Winframe days. However, credit unions integration with Citrix has been definately flagged with a warning sign that says warning ‘jump dont dive’. 

The Vision has always been ooo sooo sweeet… have all clients cenrally managed like a Unix host. The concept of running a Credit Union on a Windows mainframe has always been appealing. Since most credit union have limited IT budgets and staffing possibilities; then the possibility of centrally managing workstation session has never ending appeal.

Recently I have personally witnessed the power of VDI – Microsoft Virtual Desktop Infrastructure with a CUSO client. I have had high hopes for VDI since I know that the ability to control client side devices is a world apart from Citrix and Terminal Services. This client of mine has integrated Symitar and VDI over a VPN connection to a remote office working multiple session and printing worked like a charm.

In addition to desktop virtualization mentioned above I have another client who is running Citrix servers in a full virtual server environment! This is exciting as well because most people will snuff at this idea. It is real and they are running 150 users in this environment on virtual Citrix servers with a LeftHand iSCSCI SAN.

The Myth of Managed Services (Full MSP vs Partial)

January 15, 2009

I talk a lot about Managed Services for credit unions. This should be no surprise. I want to be clear about what I mean when I talk about Managed Services. 

Sometimes I can hear people say, “Oh, I use Managed Services for security. …..Someone manages my firewalls and someone does my pen testing……… Someone does this and someone does that……..” 

I am not referring to this type of service at all. 

I am not suggesting that these services aren’t appropriate or warranted. In fact these services are critical as a part of one’s information security program. These are services are Partial MSPs and not Full.

With Full MSPs, I am referring to providers who are actually accountable for the security of your credit union. I am referring to an MSP that is responsible for the day to day operations of IT in addition to the compliance needs of the credit union. These are MSPs that actually can ‘stand in’ on behalf of the CU and answer questions for the auditors.

I hope this clarifies my meaning, and that if you have not been thinking of Managed Services in the context now you can.

Device-Focused MSPs Fail to Deliver Comprehensive IT Solutions to Credit Unions

January 1, 2009

I have had it with big companies attempting to monitor and manage small to medium business. Dell, HP, Ingram, and the list goes on, are now offering programs that only local businesses can deliver in a quality manner. And now Sonicwall has rolled out a managed security service. 

I am disheartened to see big vendors getting into Managed Services Programs (MSP). Big companies that stand up NOCs (somewhere) and try to deliver quality MSP services are not the route to success for a credit union. 

Credit Unions need to consider the following when selecting a good MSP:                                                                                     

  • How is third party due diligence  (covering insurance coverage, hiring, security controls, financials, etc.) handled? If your hard working IT manager has to rattle around to his vendors for this information then you have the wrong vendor.
  • What is the Disaster Recovery plan of the MSP? How can they help you?
  • How do they cover compliance and infrastructure?
  • Who owns them? Are they absent or involved?
  • Are they focused on growth for growth’s sake? Is there a reason for growing? What are their plans to handle growth?
  • Is the MSP focused on device management or is the MSP focused on being a trusted partner that will support the credit union from Architecture and Design all the way to Tier 1,2,3 IT operations support? 

I own a local MSP business that supports credit unions, and I strongly believe a credit union must partner with an MSP provider who has a vested local interest in the industry, the market, compliance needs, and all the other details and complexities that tend to escape large companies attempting to shoehorn “one size fits all” into the market. 

In my humble opinion, manufacturers of IT products like HP, Dell, Ingram and Sonicwall, should focus on building great products and less on delivering Managed Services.

Managed Services for Credit Unions: The Difference between Surviving and Thriving

December 15, 2008
When I search the internet, I see virtually no mention of managed services in the credit union space. This surprises me. 

I hear too many credit union CEOs wonder how to survive. I offer an alternative vision for what is possible for your credit union: Thriving. 

And I assert that any credit union from $20 million to $200 million in assets must be using a Managed Services Provider in order to thrive.  

Think this is a bold statement? Perhaps it is. Let’s look at the facts before you decide. 

Small to small/mid credit unions are faced with managing a level of IT complexity that no other business of the same size must manage (other than, perhaps, health care). The complexity is created because of five requirements: 

  1. Compliance
  2. Security
  3. Third party relationships (e.g., ATMs, Shared Branching, Home Banking, Core Processing, Fedline)
  4. Disaster Recovery
  5. Infrastructure Operations 

No small to small/mid credit union can effectively manage IT through in-house staff alone.  Staying focused on driving member value is critical. Diverting the IT department to review  and maintain “plumbing systems” when they could be reviewing, implementing, and evaluating systems that enhance the value of the credit union in the eyes of the members–that is where IT has to be focused. Resource coverage in the areas mentioned above is too challenging, and too risky to try with only in-house staff. 

In the IT space, a step that supports thriving is outsourcing your IT operations. Hire a Managed Service Provider (MSP) who can handle all the blocking and tackling of the five items I listed above. 

I have noticed that a credit union that has reached over $100 million in assets typically has one person on the IT staff who is smart and capable. Without an MSP in place, this person invariably ends up trying to do everything. Rather than tying up this valuable resource on housekeeping chores, have your MSP report monthly to this person. Require that the reporting be compliance based in nature and not all technical; if this is not required then you are still saddling your key IT Manager with the burden of producing the proof needed each month. 

I can’t stress this point enough: Shift your key manager’s focus to member-facing projects and have the MSP deliver the rest. This will put the company on the road to thriving and, from a professional growth perspective, it places your “shining star” IT employee in a position of managing the plumbing versus doing the plumbing, which should be a welcome step up for any bright, ambitious manager.