Frequently Asked Questions

FAQs



Who is Sheltered Harbor?

Sheltered Harbor is a not-for-profit industry-led initiative founded by 34 financial institutions, clearing houses, core processors and industry associations, collectively representing a significant percentage of the retail banking and brokerage accounts in the U.S.

The people who make up Sheltered Harbor are mostly volunteers from our founding members, who share their expertise and work efforts. These volunteers provide their ideas and raw content to enhance the Sheltered Harbor Specification. A small, dedicated team of experienced leaders make up the central Sheltered Harbor organization.

Can I become a participant before I implement Sheltered Harbor?

We encourage institutions to join, receive the Sheltered Harbor Specification and then proceed with implementation.

When you have successfully implemented the Specification, and attested to the success, you will become “Sheltered Harbor Ready”.

How do I contact someone for more details about Sheltered Harbor

Why haven't I heard of Sheltered Harbor before?

Sheltered Harbor’s goal is to enhance the protection of the retail financial services industry. Until recently, we have been operating quietly to get our standards complete, and to get early adopters testing the process.

Is my financial institution required to join Sheltered Harbor

Sheltered Harbor protection is voluntary. While there are no current regulations that require the extra protection of consumer accounts, industry leaders have determined that it is prudent to do so. If your organization wants to use the Sheltered Harbor standards, then you should go to our Join section and start the process to become a Participant. (If you are a consumer, then you should contact your financial institution to discuss their consumer account protection offerings.)

Can Credit Unions participate in Sheltered Harbor

Yes.  The file formats were defined to extend the Sheltered Harbor protection scheme for Credit Unions as well as Banks.  Several of our Core Service Providers are preparing to offer Sheltered Harbor Archiving services for Credit Unions.

How is Sheltered Harbor structured?

Sheltered Harbor is a Limited Liability Company that is a subsidiary of FS-ISAC. It is governed by its own, independent Board of Directors.

What does it mean to be Sheltered Harbor Ready?

The Sheltered Harbor Specification provides participating institutions with detailed information required to be Sheltered Harbor compliant for retail banking and brokerage accounts. To be 'Sheltered Harbor Ready', a participating institution must confirm that it has completed their implementation of the Sheltered Harbor account protection (data vaulting) process in accordance with the specification, and regular data vault logging must be in place.  

Is it hard and expensive to implement the Sheltered Harbor spec?

It is not hard - the technologies required exist today, files formats match industry standards and operations fit into current best practices.

Early experience has demonstrated that the implementation expense is relatively low for most institutions, and operational expense minimal.

How much does it cost to participate?

Sheltered Harbor is a not-for-profit, industry-led effort.  Participation in Sheltered Harbor is open to US financial institutions, service providers and industry associations.  Fees will depend on the size and type of institution.  More details are available in the  Fees Page.

Is there a standard due diligence package that I can use to promote Sheltered Harbor internally?

There are several documents that could help you promote becoming a member of Sheltered Harbor.

These are available for download by using the links above.

If I use a Service Provider for core processing do I still have to join?

Yes, you must join to receive the full benefits of Sheltered Harbor protection and Sheltered Harbor certification. Most significant here is that your organization must prepare to address a Sheltered Harbor incident, similar to how you prepare for a fire or other disaster.  Your Service Provider cannot do this for you.  The Sheltered Harbor Specification and How-To Guides, which detail what you need to prepare and how to implement a quick restoration of services, are only available to Sheltered Harbor Participants.

Which Service Providers will be offering Sheltered Harbor services?

The following providers have announced their intention to provide Sheltered Harbor capabilities to their clients:

  • FIS 
  • Fiserv
  • Jack Henry
  • COCC
  • Broadridge
  • Talisys
  • Thomson Reuters - Wealth Management

If you do not see your provider, please contact them directly.  They may have joined Sheltered Harbor, but not yet made public announcements.

If your provider has not yet joined Sheltered Harbor, please send us a note to info@ShelteredHarbor.org with their contact information and we will reach out to them about joining this initiative.

Please note that in order to receive these services from your provider, you will need to join Sheltered Harbor.  More details may be found in the Join Us page.

How about if I license software from a service provider but do the core processing in-house?

You most likely will need to coordinate implementation with your software provider.

How do I get the Sheltered Harbor Specification?

The short answer is: Join Sheltered Harbor and you will be granted access to the Sheltered Harbor Content site.

The Sheltered Harbor Specification is only available to Sheltered Harbor Participants. All Participants have access to the Sheltered Harbor Content site, which contains the Sheltered Harbor Specification and Guides, as well as all of the working papers of the Sheltered Harbor Working Groups. There you can follow new developments, and collaborate with industry peers on how we are extending Sheltered Harbor standards to improve resilience for access to consumer account data.

How do I engage in Sheltered Harbor Working Groups?

Once you have joined, you are welcome to participate in our work groups. More information will be provided as part of the Participant on-boarding process.

Is there a list of preferred companies that will help us implement Sheltered Harbor?

Yes,we have formed Strategic Alliances with several advisory firms.  Contact Information for our current advisors is here:

KPMG

     

   Vivek Mehta

Partner, Emerging Technology Risk

646-239-6088

  vivekmehta@kpmg.com

   Luke Nelson

Managing Director, Emerging Technology Risk

678-787-4618

  lnelson@kpmg.com

Promontory

 

 

 

   Seth Kulakow 

Director, Cyber Solutions Practice

303-947-7096

  skulakow@promontory.com

EY

     

   Carl Liebel

Executive Director, Financial Services Advisory

917-969-1802

  Carl.Liebel@ey.com

   Chris Mikucki

Senior Manager, Cyber Transformation

317-850-4400

  Chris.Mikucki@ey.com

PwC      
Ertem Osmanoglu Principal, Cybersecurity and Privacy 646-331-1595   ertem.osmanoglu@pwc.com
Jim Fox Partner, Cybersecurity and Privacy 703-927-7101   james.fox@pwc.com
Steven Zaki Director, Cybersecurity and Privacy 201-247-8710   steven.zaki@pwc.com
Eric Lantz Director, Cybersecurity and Privacy 315-368-4765   eric.w.lantz@pwc.com


We will continue to expand relationships with assurance and advisory firms throughout the year in an effort to support the market with a broad menu of options, so keep checking here for updates.

Where can I find a list of IT partners that provide Sheltered Harbor HW & SW?

The Sheltered Harbor Specification does not require specific vendors' hardware or software. Most companies should be able to use off the shelf solutions to meet the specification. The Sheltered Harbor Content Portal includes the Sheltered Harbor Specification, as well as reference implementations, which illustrate examples of how some early adopters have delivered against the spec.

Will Sheltered Harbor expand to other asset classes?

Yes. Asset class expansion is on our roadmap, although it's not an easy proposition. We are establishing new working groups for this purpose, and can always use more subject matter experts to work through the nitty gritty details. Working Groups are open to all participating institutions.


ABA Video - 1/15/2018

Join as Bank or Credit Union

For banks and credit unions, Participant fees are determined based on both Participants’ Total US Banking Assets and Participant’s Total US Deposit Accounts to more accurately reflect bank size. Below describes current fees applying at each level of Participant’s assets and accounts.

Annual Fee Assessment Schedule for Banks and Credit Unions

 Assets

 Accounts 

 Fee 

Join Sheltered Harbor
On-Line
Download 
 <$100MM  and   <10K  $250       007 monitor 1          OR        Download $250 Agreement
 <$1B  and    <500K  $500        007 monitor 1          OR       Download $500 Agreement
 >500K  $2,500       007 monitor 1          OR       Download $2500 Agreement
 $1B - $50B    and   <500K  $2,500       007 monitor 1          OR       Download $2500 Agreement
 >500K  $10,000       007 monitor 1          OR       Download $2500 Agreement
 >$50B  and  <1M  $10,000       007 monitor 1          OR       Download $2500 Agreement
 >1M  $25,000       007 monitor 1      OR       Download 25000 Agreement

If your operations include brokerage and/or asset management accounts, please check those fee schedules as well, because you will pay a single fee based on the larger of the banking or brokerage or asset managent fee calculation.

Join as Broker

For securities firms, Participant fees are determined based on both Client Assets* and the Number of Clearing Clients. The schedule below describes current fees applying at each level of Participant’s assets and accounts.

Annual Fee Assessment Schedule for Securities Firms

 Client
 Assets*

 Clearing
 Clients

 Fee 

Join Sheltered Harbor
 On-Line
Download 

 <$100MM

 and 

 <1 (self clearer)      

 $2,500

     007 monitor 1    

 OR 

      Download $2500 Agreement

 <$10B

 and  

 <50

 $5000 

     007 monitor 1    

 OR

      Download $5000 Agreement

 50 - 100

 $10,000 

     007 monitor 1    

 OR

      Download 10000 Agreement

 $10B - $200B  

 and 

 <20

 $10,000 

     007 monitor 1    

 OR

      Download 10000 Agreement

 >20

 $25,000 

     007 monitor 1    

 OR

      Download 25000 Agreement
 >$200B    or   >100  $25,000       007 monitor 1     OR       Download 25000 Agreement

* Including discretionary and non-discretionary assets

If your operations include banking and/or asset management accounts, please check those fee schedules as well, because you will pay a single fee based on the larger of the banking or brokerage or asset managent fee calculation.

Join as an Asset Manager

For Asset Managers, Transfer Agents and Recordkeepers,  Participant Fees are determined based on AUM or Plan Assets.  The schedule below describes current fees applying at each level of Participant's AUM or plan assets.

Annual Fee Schedule for Asset Managers, Transfer Agents, and Recordkeepers

AUM or Plan Assets    Fee   Join Sheltered Harbor 
On-Line Download
 <$20B  $2,500      007 monitor 1      OR        Download 2500 Agreement
 $20B - $50B  $5,000      007 monitor 1      OR       Download 5000 Agreement
 $50B - $200B  $15,000       007 monitor 1      OR       Download 15000 Agreement
 > $200B  $25,000       007 monitor 1      OR       Download 25000 Agreement

If your operations include banking and/or brokerage accounts, please check those fee schedules as well, because you will pay a single fee based on the larger of the banking or brokerage or asset managent fee calculation.

ICBA Video - 9/11/2018