Frequently Asked Questions

FAQs



Who is Sheltered Harbor?

Sheltered Harbor is a not-for-profit industry-led initiative founded by 34 financial institutions, clearing houses, core processors and industry associations, collectively representing a significant percentage of the retail banking and brokerage accounts in the U.S.

The people who make up Sheltered Harbor are mostly volunteers from our founding members, who share their expertise and work efforts. These volunteers provide their ideas and raw content to enhance the Sheltered Harbor Specification. A small, dedicated team of experienced leaders make up the central Sheltered Harbor organization.

How do I contact someone for more details about Sheltered Harbor

Why haven't I heard of Sheltered Harbor before?

Sheltered Harbor’s goal is to enhance the protection of the retail financial services industry. Until recently, we have been operating quietly to get our standards complete, and to get early adopters testing the process.

Is my financial institution required to join Sheltered Harbor

Sheltered Harbor protection is voluntary. While there are no current regulations that require the extra protection of consumer accounts, industry leaders have determined that it is prudent to do so. If your organization wants to use the Sheltered Harbor standards, then you should go to our Join section and start the process to become a Participant. (If you are a consumer, then you should contact your financial institution to discuss their consumer account protection offerings.)

Can Credit Unions participate in Sheltered Harbor

Yes.  The file formats were defined to extend the Sheltered Harbor protection scheme for Credit Unions as well as Banks.  Several of our Core Service Providers are preparing to offer Sheltered Harbor Archiving services for Credit Unions.

How is Sheltered Harbor structured?

Sheltered Harbor is a Limited Liability Company that is a subsidiary of FS-ISAC. It is governed by its own, independent Board of Directors.

What does it mean to be Sheltered Harbor Ready?

The Sheltered Harbor Specification provides participating institutions with detailed information required to be Sheltered Harbor compliant for retail banking and brokerage accounts. To be 'Sheltered Harbor Ready', a participating institution must confirm that it has completed their implementation of the Sheltered Harbor account protection (data vaulting) process in accordance with the specification, and regular data vault logging must be in place.  

Is it hard and expensive to implement the Sheltered Harbor spec?

It is not hard - the technologies required exist today, files formats match industry standards and operations fit into current best practices.

Early experience has demonstrated that the implementation expense is relatively low for most institutions, and operational expense minimal.

How much does it cost to participate?

Sheltered Harbor is a not-for-profit, industry-led effort.  Participation in Sheltered Harbor is open to US financial institutions, service providers and industry associations.  Fees will depend on the size and type of institution.  More details are available in the  Fees Page.

Is there a standard due diligence package that I can use to promote Sheltered Harbor internally?

There are several documents that could help you promote becoming a member of Sheltered Harbor.

These are available for download by using the links above.

If I use a Service Provider for core processing do I still have to join?

Yes, you must join to receive the full benefits of Sheltered Harbor protection and Sheltered Harbor certification. Most significant here is that your organization must prepare to address a Sheltered Harbor incident, similar to how you prepare for a fire or other disaster.  Your Service Provider cannot do this for you.  The Sheltered Harbor Specification and How-To Guides, which detail what you need to prepare and how to implement a quick restoration of services, are only available to Sheltered Harbor Participants.

Which Service Providers will be offering Sheltered Harbor services?

The following providers have announced their intention to provide Sheltered Harbor capabilities to their clients:

  • FIS 
  • Fiserv
  • Jack Henry
  • COCC
  • Broadridge
  • Talisys
  • Thomson Reuters - Wealth Management

If you do not see your provider, please contact them directly.  They may have joined Sheltered Harbor, but not yet made public announcements.

If your provider has not yet joined Sheltered Harbor, please send us a note to info@ShelteredHarbor.org with their contact information and we will reach out to them about joining this initiative.

Please note that in order to receive these services from your provider, you will need to join Sheltered Harbor.  More details may be found in the Join Us page.

How about if I license software from a service provider but do the core processing in-house?

You most likely will need to coordinate implementation with your software provider.

How do I get the Sheltered Harbor Specification?

The short answer is: Join Sheltered Harbor and you will be granted access to the Sheltered Harbor Content site.

The Sheltered Harbor Specification is only available to Sheltered Harbor Participants. All Participants have access to the Sheltered Harbor Content site, which contains the Sheltered Harbor Specification, as well as all of the working papers of the Sheltered Harbor Working Groups. There you can follow new developments, and collaborate with industry peers on how we are extending Sheltered Harbor standards to improve resilience for access to consumer account data.

How do I engage in Sheltered Harbor Working Groups?

Once you have joined, you are welcome to participate in our work groups. More information will be provided as part of the Participant on-boarding process.

Is there a list of preferred companies that will help us implement Sheltered Harbor?

Not now. However, our plans are that several companies will offer these services. Please check back here for an update.

Where can I find a list of IT partners that provide Sheltered Harbor HW & SW?

The Sheltered Harbor Specification does not require specific vendors' hardware or software. Most companies should be able to use off the shelf solutions to meet the specification. The Sheltered Harbor Content Portal includes the Sheltered Harbor Specification, as well as reference implementations, which illustrate examples of how some early adopters have delivered against the spec.

Will Sheltered Harbor expand to other asset classes?

Yes. Asset class expansion is on our roadmap, although it's not an easy proposition. We are establishing new working groups for this purpose, and can always use more subject matter experts to work through the nitty gritty details. Working Groups are open to all participating institutions.