The sky is not falling, but let any more legislation like this go through Congress and things just might get a little tight…

 During the last 3 months we have all been anxiously awaiting the Federal Reserve’s final interpretation of the Credit CARD Act. In the middle of January the third interpretation of the Act came through as a revision of the January 2009 proposed Regulation Z change. The proposed Unfair and Deceptive Practices Act has since been rescinded and NCUA’s version is expected to hit the skids as well in the near future. New interpretations of the regulation by compliance attorneys and subsequent advice pieces from the Federal Reserve appear on our radar almost daily.

Where does that leave us? With a new 1,155 page document to interpret, analyze, and turn into meaningful software specifications and a solid recommendation for credit unions to use in loan configurations. We have completed 100% of our review to date. We continue to receive new interpretations of the regulation such as the variable rate floor as well as allowing a grace period on partial payments.

As a resource for you, I would encourage all clients that use CU*BASE Online Credit Cards to:

• Review the changes and recommendations we published on January 29^th in a special announcement.
• Review the recorded one hour web conference from February 5^th that can be downloaded from the Audit Link Advisor site.
• Go to the Audit Link Advisor site, which allows you to send your strategies, concerns, and even policies so we can share with others in the network.

What did we do for the end of February?

• Statement changes (examples sent to all clients on February 22):
• New late payment warning with late fees
• All three minimum payment warnings
• Consumer counseling number
• Coordinating with Sage, CoWWW, and eDOC for graphical presentation
• Discussed the changes you should be making if you are printing up-front disclosures from the CU*BASE system.

 There are a couple of nuances of these changes that you should understand:

Late fees, if configured as a percentage, will always display as a calculated dollar amount, as outlined in the regulation. They are always rounded to the nearest full dollar. Remember these are estimates based on the balance at the time the statement is created.

Minimum payment warnings have amortization calculations in them that follow the guidelines of the regulation. Remember the only time your members will see both the length of time that it will take to pay off the balance and the amount of time it will take to pay off the balance is when amortizations are both in excess of 2.5 years. To fully understand all the rounding requirements we would encourage you to read the regulation as it is extensive and it is simply not possible to describe all the possible scenarios in this document.

What’s Coming Next?

Here is a list of the additional changes that we are working now:

• Addressing when payment dates fall on a day the credit union is closed expected to be in production by the end of April. (We had originally anticipated this being done for March statements but need a little more time to complete the required work, test, and coordinate with all print and e-statement vendors.)
• Altering the interest calculation to understand when there is a grace period on partial payments. This change will affect the interest your members pay during the next statement cycle. This change is expected to go into production at the end of March. 
• Although there are very few fees being charged on credit cards, the regulation does state that they must now be broken out by type and annual total. At this time we are evaluating all potential fees which clients have been charging and we will begin programming for that change including the statement changes. Also included in this change will be the addition of total year-to-date interest charges. This change is expected to be implemented for the end of March cycle. 

 Nuances of these changes that you should understand:

• When evaluating payment dates against dates on which your branches are closed, we will be looking at the standard Federal holidays and/or any holidays you have entered into your Non-Business Days configuration (MNCNFD #23). If you have not done so already, make sure you have reviewed and updated this configuration (see the instructions in the January 29^th announcement). Remember that when the due date falls on a day your branches are closed, the system treats the account as if the due date is instead the next date on which you are open.  This change will process interest calculations at the end of the month as if the payment was made on the due date.
• As another side note, we discovered loans that had a 5% repayment calculation, where the minimum payment was actually more than the required payment to pay off the loan in 36 months. Your staff must understand that the minimum payment amount each month decreases in accordance with the outstanding principal balance. However, the amount required to pay off the balance in three years is simply an amortized amount calculated as of the time the statement is generated.
• Grace period on partial payments is a whole different animal and it will impact the yield on your portfolio. The best way to explain the workings of this change is by example:

Mr. Member has paid his credit card purchase balance off every month. During the current cycle he makes a purchase of $600. On the next cycle he also pays off his purchases from the prior cycle. On the billing cycle in which his $600 is tested for a grace period he only pays $500. The regulation states that the excess amount over his minimum payment must be applied to the purchases and backed off the average daily balance calculation. 

Also remember in the above example that if you have another bucket with a higher interest rate and it has a balance, the payment must be applied to that bucket first, and in this case no grace period would apply. The application of payments to the highest interest rate bucket supersedes this rule.

What’s Left?

What remains on the plate for our product development team is to make program changes that allow the transfer of funds from one bucket to another when the credit union has configured the product as a fixed rate (or variable rate with a floor). I would encourage you to read our January 29^th announcement to better understand the nuances of that change and when it is going into production. 

What Should You Be Doing Now?

Here are the things you should be evaluating in your configurations for online credit cards right now:

• Change your credit card category configurations to make sure that the bucket with the highest interest rate has the highest priority. Ninety percent of our clients have similar rates for all buckets but it is worth the time to review those configuration screens one more time.
• Delete your over-limit fee from the configuration. Even American Express has removed their over-limit fee. There is absolutely no way to monitor for these even if you got creative and sent out the opt-in notices.
• If you charge a penalty rate, set your default rate change date out far enough that you can get a 45-day advance notice that meets the minimum 60-day requirement. Utilize the delinquency notice configuration to update the verbiage on the notice to meet the requirements of the regulation. The exact verbiage is published in Appendix G of the regulation. Also remember that it is now required that you set the rate to be monitored. Set the flag on the configuration screen to verify if timely payments are made for six months that the rate should go back to the normal rate.
• If you have variable rates with floors and the rate is currently sitting at the floor, you now have a fixed rate card. You have a number of choices but every one requires a new disclosure moving forward. I would encourage you to speak to Lender*VP on your options and implications of your decisions as it relates to the configuration of the system.
• Update your agreements and disclosures. The format for your agreements has been outlined in the regulation as well. Use them, copy them, and then get them completed as soon as possible. Share them on the Audit Link Advisor site http://advisor.cuanswers.com/ so others in your peer group can compare notes.

Stay Tuned

With these apparently never-ending changes and the continuous flow opinions, we fully expect our programming efforts will not end in a few months. We would like you to continue to feed us what you are hearing and seeing on the street. Please send us your legal opinions, your comments from other partners, and any other details you gather. Our strategy moving forward will be to communicate these findings back into the network.

There continues to be a great deal of interpretation and reinterpretation going on and with final rules now published we will continue making enhancements to our tools. Over the next year we will all continue to look at best practices for evaluating and maximizing our credit card programs as a positive part of our credit union loan portfolio.

Contribute! 

Post your ideas and concerns on the
Advisor Credit CARD Act Open forum:

http://advisor.cuanswers.com/category/credit-card-act-open-forum/

 Also, the Q&A resulting from Navigating the Credit CARD Act webinar featuring Jim Vilker will be posted here. Please take advantage of this opportunity to contribute and gain knowledge of the Credit CARD Act of 2009.

Navigating the Credit CARD Act

The Truth-in-Savings regulatory changes, found in the update to the NCUA Regulation 707, seemed relatively easy to understand for this first round.  NCUA patterned their changes from the Federal Reserve in most respects, but not all.

A tip from Audit Link’s Jim Vilker:  Credit unions are required to follow those regulations as published by the NCUA and I would caution those who believe they must try and blend the Federal Reserves Regulation with the NCUA’s.  It almost never works.  Keep your compliance eye on our regulatory body only.   Blending these two will only lead to analysis for the sake of analysis.

Breaking It Down

There were two well-defined sections to the upcoming changes.  The first describes available balance requirements at points where a member may inquire on their accounts or where available balances are displayed, such as ATM terminals and online banking.

c) Disclosure of account balances. If a credit union discloses balance information to a member through an automated system, the balance may not include additional amounts that the credit union may provide to cover an item when there are insufficient or unavailable funds in the member’s account, whether under a service provided in its discretion, a service subject to part 226 of this title (Regulation Z), or a service to transfer funds from another member account.  The credit union may, at its option, disclose additional account balances that include such additional amounts, if the credit union prominently states that any such balance includes such additional amounts and, if applicable, that additional amounts are not available for all transactions.

The second section describes changes to the format of member periodic statements related to the fees charged for overdraft and NSF fees ONLY.

(a) Disclosure of total fees on periodic statements.

(1) General. A credit union must separately disclose on each periodic statement, as applicable:

(i) The total dollar amount for all fees or charges imposed on the account for paying checks or other items when there are insufficient or unavailable funds and the account becomes overdrawn; and

(ii) The total dollar amount for all fees or charges imposed on the account for returning items unpaid.

(2) Totals required. The disclosures required by paragraph (a)(1) of this section must be provided for the statement period and for the calendar year-to-date.

(3) Format requirements. The aggregate fee disclosures required by paragraph (a) of this section must be disclosed in close proximity to fees identified under § 707.6(a)(3), using a format substantially similar to Sample Form B–10 in appendix B.

Let’s take this on one section at a time and try to clear the fog a bit.

Clearing the Fog: Account Balance Disclosures

CU*Answers has already sent an announcement concerning the amendments to Regulation DD on 12/11/09.  You can be assured that It’s Me 247 and CU*TALK supported by our CU*Network Partners are already in compliance.  Balances displayed on these systems are based on available balances only.

Now, let’s talk about ATM switches.  The provisions of Regulation DD require that balances provided to cardholders through automated systems (including ATMs) exclude any additional funds available through overdraft protection programs. Or, if the balances provided do include amounts through overdraft protection programs, they must be disclosed as such. Because there is no assurance that all ATM terminals provide this disclosure, you want to understand what balances are submitted to your ATM vendor and how they are using those balances. This will require a conversation with your vendor and an understanding of how your interface works (online versus batch, PBF formats, etc.)

When you have completed your checklists of how balances are displayed at ATM machines (whether through an online platform or through a batch processing positive balance file or PBF), the next step is to make sure your statement disclosures are set up.

Clearing the Fog: Fee Disclosures On Periodic Statements

CU*BASE has supported the NSF and Non-Return Fee disclosure on periodic statements since 2006. Until now, they were only required based on the way credit unions marketed their Overdraft Privilege offerings. Beginning January 1, 2010, it will be required for all credit unions who offer overdraft programs.

There are two steps to print the fee disclosure on your member statements:

1.  Choose Which Activity is Tracked
Modify your NSF Configuration (MNCNFA #9, then #1) to indicate which origin codes will be counted in the fee totals.

2. Change Statement Print Configuration
Contact a Client Service Representative and request the statement print flag be turned on (we need your request in writing). Self Processors can activate this flag using the Member Statement Config. feature via OPER #10, then #5.

So will there be a box around the fees?  The regulation does not say we must; it simply states the disclosure should be “substantially similar” to the one proposed.  The regulation does not even speak to the intent of the box or gridlines.  Is the intent to draw attention to the data?  Is the intent to make it clear from a member’s reading perspective?

Our first inclination is to forget the box altogether and trust we have all invested in displaying the data according to the intent of the regulation.  However, this is not the final say, as you will see in the separate “Boxes, boxes…” sidebar in this issue of the Advisor.

Remember there are multiple ways a member can view a statement, including a printed format as well as e-Statements.  In some cases credit unions may be printing their own statements or using third party statement providers who are not familiar with the upcoming changes.  There is also the additional complexity of the new statement flat file format versus the “old” print format that is still used by many third-party print vendors.

Changing print formats might seem simple but it is definitely not.  Any change we make to the way a statement appears must be made individually to each and every one of the output formats and delivery channels and viewing applications.  So we are reviewing our options and will declare our direction in separate communications during the month of January.  

The Truth-in-Savings regulatory changes, found in the update to the NCUA Regulation 707, seemed relatively easy to understand for this first round.  NCUA patterned their changes from the Federal Reserve in most respects, but not all.

A tip from Audit Link’s Jim Vilker:  Credit unions are required to follow those regulations as published by the NCUA and I would caution those who believe they must try and blend the Federal Reserves Regulation with the NCUA’s.  It almost never works.  Keep your compliance eye on our regulatory body only.   Blending these two will only lead to analysis for the sake of analysis.

Boxes, boxes…who has the boxes?

Based on inquiries from several credit unions after a recent CUNA press release, we are currently analyzing the process of modifying all of the different statement formats that would be affected by a change such as putting border lines around the existing fee disclosure table.  Remember that as with any change to statements, some credit unions may incur custom programming fees to a third-party vendor in order to also incorporate a similar change. 

• Current e-Statements through CoWWW (until the transition to CU*SPY  through eDOC is complete), which are presented via multiple formats:
  • XML format
  • PDF format
  • HTML/text format
• Printed statements via the existing print file format (still used by many third-party print vendors as well as self processors who still print their own statements)
• Printed statements via the new flat file format (used by Sage Direct)
• New e-Statements through eDOC (which will also include multiple formats similar to current e-Statements through CoWWW)
• CU*CD (archived e-Statements on CD-ROM)

As you can see, it is impractical to make a blanket statement that “statements” will be changed—each of these delivery channels and formats must be evaluated separately and a decision made as to which formats will change and which will not.  We are contacting all of the involved vendors now, including CoWWW, eDOC, and Sage Direct, to determine options.

The end result might even be a call for an early end to support for the old print file format, forcing all credit unions and their print vendors to move to the flat file processing with all the resulting coordination, timelines, and change fees. 

Stay tuned for more updates after the first of the year!

 Barb Cooper
VP Professional Services
CU*Answers

To comply with Red Flag requirements to monitor things like address changes, a new Red Flag monitoring feature has been added to CU*BASE. This tool provides alerts to both the credit union and the member when changes are made to a member’s personal information to provide an extra layer of security against fraudulent activity.
When changes are made to a member’s name, email address, home phone or mailing address, CU*BASE records these changes for a rolling 30 days. If configured, warning messages are presented to both the member and the credit union employee. Before credit union employees enter selected screens (such as Teller, Inquiry, and Phone Operator), they will receive a warning message nothing how many changes have been made to these items in the last 30 days (this number is configurable based upon credit union preference). Members will also receive notification of the change in the form of a secure home banking message in It’s Me 247. If the change is to a member’s email address, the member will also receive an email notification to both the new and old email address, unless the old address was marked as a wrong address.
Each time a change is made to the member personal information, a Tracker entry is made on the Audit Tracker that records the old and new values. The Member Tracker system in CU*BASE is a helpful and easy-to-use tool to help credit union staff keep on top of important requests and issues. Tracker records can contain reminders to contact a member, follow-up on payments due, schedule and appointment and more. These records remain attached to a member’s account until manually purged; therefore serve as excellent documentation about an issue for future reference. For this reason, Trackers are used to document member activity related to compliance. Each time a compliance related event such as an OFAC scan, FIDM scan occurs, the CU*BASE system automatically adds a conversation to the member’s audit tracker – these ongoing conversations are recorded, and at a later date can be reviewed as a record of activity on the account.
The addition of this tool is one of many that CU*Answers, the CUSO providing CU*BASE, has implemented in the last year to enable credit unions to remain compliant with increasing regulations.

For more information contact:
Scott Page, EVP
800-327-3478 x103
spage@cuanswers.com

“Our goal at CU*Answers is to provide the tools necessary for our credit unions to succeed. In 2008 we made a promise to our credit unions that by utilizing CU*BASE, they will have the lowest cost of compliance in the industry,” says Jim Vilker –VP of Professional Services, and Manager of Audit Link. “As a 100% credit union-owned CUSO we are naturally tuned in to the wants and needs of our clients, because ultimately, their success is our success. This commitment is evident, and proves that it pays to partner with a data processor owned by its users.”

About CU*Answers
CU*Answers was founded over 35 years ago and is a 100% Credit Union owned CUSO located in Grand Rapids, Michigan. CU*Answers offers a wide variety of services for credit unions including its flagship CU*BASE Processing System in both an Online (ASP) and In-house environment, Internet Development Services featuring the It’s Me 247 Online Banking product, Member Check Processing and Direct Deposit processing services. CU*Answers provides combined services to 165 credit unions nationally representing nearly 1.5 million members and $10 billion in credit union assets. For more information about how “We Make Credit Unions Go” please visit CU*Answers at www.cuanswers.com.
XXX

Posted: 29 Oct 2009 11:08 PM PDT – NAFCU Compliance

Update by Anthony Demangone 7:55 p.m., Thursday evening

I just received an email from our lobbying dynamo, Brad Thaler.   Just minutes ago, the U.S. Senate passed H.R. 3606 by unanimous consent. This bill would make a technical correction to the Credit CARD Act to limit the 21-day requirements to credit cards, instead of all open-end lending.  The legislation now goes to President Obama’s desk.  He is expected to sign it within days.

Many thanks to all of you for your help in getting this legislation to this point. We’ll update you on any developments.

*****

Recently this headline on a popular security site grabbed my attention.  “US banking security could be set for major changes following a court ruling where fraud victims alleged their bank was to blame”.   Imagine the significance of a judge ruling in favor of plaintiffs who are suing their bank for being irresponsible.  While there is substantially more to the story, the allegations are clear.  The plaintiffs claim that their bank failed to institute new technology which would require two-factor authentication to access their accounts.  They are seeking $26 thousand dollars as settlement from the bank because their account was compromised.  The article goes on state that a US Judge refused to grant summary judgment on behalf of the bank, and cleared the path for this case to go to trial.

Reading this article was timely.  That same week I received a call from a client asking for assistance in setting up Personal Internet Branch (PIB) and implementing secondary authentication.  Having recently completed a CUMIS audit, this client was acting on infractions they were cited for during their examination.  At that time their members could access online banking and audio banking using the same four digit password.  The only requirement to log in was an account number and password.  At the client’s request the CU*BASE screens were reviewed and changes made in less than one hour.  As a result the CUMIS requirements are now satisfied.

Another circumstance that prompted this newsletter is the fact that the CU*Answers CUSO is experiencing an examination this week by the NCUA and OFIR.  These organizations are examining our products and determining the manner in which they can be configured by our clients.  They ask that we require our credit unions to use secondary authentication through PIB and further, make it mandatory through the software to use the “complex password” feature of the system.   Our motto has always been “We make the tools not the rules”.  However, the point of this article is to turn your focus to what you can expect coming down the pipe.  I believe your auditors, examiners, and bonding agent will require both secondary authentication and complex passwords in the future.   

CU*Answers created PIB for our clients as a means for them to mitigate risks associated with their members’ use of online banking.  PIB is our solution to the secondary authentication (multi-factor) requirements pushed by the NCUA, FFIEC, and the FDIC.   Each of these organizations has published numerous letters and risk assessment requirements on this specific delivery channel over the last three to four years.   This influx of information is evidence that regulatory bodies are very serious about security and the onus to institute attentive compliance practices falls on your credit union during the examination process.  

Secondary authentication utilizing PIB is not rocket science, and to some degree is a matter of interpretation.  Some credit unions have activated all PIB features, including the “complex password” requirement.  This also means their members are enabled to completely configure their online banking experience.  One factor of secondary authentication requires the member to configure security questions on the system as an added level of validation for online banking.  Secondary authentication is achieved when the PIB settings are set to require the member to answer one of those configured questions each time they log in to online banking; not just when they forget their password.  

Requiring complex passwords is strongly recommended and is not part of secondary authentication. Instead the use of complex passwords is viewed as a necessity by regulators, and is not a feature subject to interpretation for online banking applications. There are good reasons behind this requirement.  Hacking into an account is vastly more difficult when a complex password is in place.  Implementing a secondary authentication factor increases the level of account protection even more. 

This quote from the Microsoft Technet website will help you understand the implications of complex passwords:

Given enough encrypted data, time, and computing power, attackers can compromise almost any cryptographic system. You can prevent such attackers from succeeding by making the task of cracking the password as difficult as possible. Two key strategies to accomplish this are to require users to set complex passwords and to require users to change their passwords periodically, so that attackers do not have sufficient time to crack the complex encryption code.

Complex Passwords

You should set password policy to require complex passwords, which contain a combination of uppercase and lowercase letters, numbers, and symbols, and are typically a minimum of seven characters long or more for all accounts……………

So why is it that so many of our clients are reluctant to require complex passwords or implement PIB?  My belief is that they are concerned about their members rejecting the imposed change or worse yet, they would simply stop using online banking due to its complicated log in process.  If that’s the case, toughen up.  Read the article referenced in the first sentence of this newsletter.  Dan Raywood, of SC Magazine clearly points out that financial institutions will be challenged when accountholders feel they have been victims of inadequately protected systems.  We’ve attached the complete article, not to be used as a weapon, but as a point of common interest and advisement to reevaluate your decision on mandating complex passwords and implementing the PIB application.  At the present time our industry has NCUA, FFIEC, state regulatory bodies, bonding companies, and even the legal system dictating a strategy that requires a much higher level of authentication.  

 What should you do now if you have not activated PIB?   Prepare for change.  Get your staff on board through education and knowledge exchange.  Help them communicate to your members what to expect throughout the new service rollout.  In the coming weeks CU*Answers will be assisting our credit unions who are not using PIB at this time.  Our goal is to have 100% participation with PIB activated for all clients.  Through this major initiative we will all have a deeper understanding of the PIB product itself, and benefit from the experience of a higher degree of security overall.  Included in this push will be:

Contact every credit union which has not yet activated PIB and the secondary authentication features.

1. CU*”Answers’ Marketing Department, in concert with Xtend will develop a marketing and member communication tool set.  Included in the package will be member e-mail and online banking scripts and routines as well as sample newsletter articles.
2. Scheduling laboratory style CU*Answers University web conferences to assist you in configuring the screens and making necessary decisions through the process.
3. Producing a plug-and-play simple project plan that you can use to implement the process and communicate the why and how to your Board of Directors.

What should you do if you already have PIB turned on?   Congratulate yourself! Then schedule an annual review of the configuration screens. Be sure to document your reasons for configuring as you have this year.  This will be a serviceable document when reviewing features and enhancements in the future.  What other features of PIB would you would like to activate?  Watch for a future edition of the Audit Link Advisor where the merits of PIB will be discussed.  Plan to attend and be a contributing participant of PIB focus groups which will assemble in 2010.  Knowledge gained then can be applied immediately, setting your direction for altering the PIB service and online banking going forward.  While reviewing the configurations complete your review of the risk assessment of this delivery channel.   Remember CU*Answers has a template for completing your home banking risk assessment at http://cuanswers.com/security/ .  When it comes to your member’s online banking experience, you want it to be secure and increasingly build their confidence in your credit union and self-service systems.

Article

SC Magazine, September 21, 2009, Dan Raywood

The banking sector could face a major shake-up after a court in the US ruled that a bank failed to protect a user’s account against fraudulent access.

In a recent case, a US judge allowed Marsha and Michael Shames-Yeakel to bring a case against Citizens Financial Bank, who alleged that the bank failed to implement state-of-the-art security technology, as they were the victims of fraud perpetrated through their online bank account to the tune of $26,500.

The US District Judge refused to grant summary judgment in favour of the financial institution, clearing the way for the court case to take place. In her judgment, Rebecca Pallmeyer stated: “In light of citizens’ apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs’ account against fraudulent access.”

Rik Ferguson, senior security advisor at Trend Micro, claimed that the case could have important ramifications across the US. He highlighted a 2005 FFIEC report entitled ‘Authentication in an internet banking environment’, that stated: “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.”

Ferguson said: “The sheer volume of personal banking data and the ease with which it can be accessed is staggering. Don’t for a moment think that cost or lack of skill is a barrier to entry into the shady world of ‘carding’ and online financial fraud.

“Logon details for online banking are usually sold priced as a percentage of the available balance on the account. Today, bank accounts are available online for as little as three per cent including personal, business and offshore accounts.”

He claimed that online banking in the US still tends to rely on simple username and password combinations, and in the rare cases where a confirmation number is required, this is often sent to the customer’s email account, which is also easy for a criminal to compromise.

The US has used single factor authentication, based purely on something you know, in this case, your password, while in Europe, two-factor authentication has been common for years involving a username and password, the something you know and an additional piece of information, often based on something you have.

Ferguson said: “The deployment of these kinds of technologies in Europe, along with the language issues, means that the US is considered ‘low-hanging fruit’ for online banking fraud, and until financial institutions invest in the necessary deterrent technology, it will remain so.

“That being said though, two-factor authentication technology may not be familiar to even some European banking customers, because (as was the case with chip and PIN cards) certain European countries have also been guilty of tardiness in deploying security technologies for online banking. So, if your bank doesn’t require this additional security, you can bet that cybercriminals know this and that your bank and your account will be targets.”

He further claimed that it is worth remembering that you should not always rely on the goodwill of your financial institution to reimburse you for losses to cybercrime.

“An argument I have heard time and again from friends and acquaintances is ‘Why should I worry when the bank always reimburse any losses?’ If the losses to cybercrime ever become too much for UK banks for example, they can fall back on the provisions of their Banking Code which states ‘If you act without reasonable care, and this causes losses, you may be responsible for them’,” said Ferguson.

• Mortgage loan fraud
• Trends and benefits of BSA E-Filing system
• Analysis of SAR inquiries
• Law enforcement cases
• Suggestions for filing a SAR
• What’s new for auditing the AML program

This issue’s Law Enforcement section focuses on SARs filed due to structured transactions. These structures were not completed by the members one may typically scrutinize. Doctors, lawyers and business owners are some of the top professionals performing these transactions. They deal with large amounts of money on a regular basis and they also have the knowledge of the government financial requirements. It is sometimes hard to train our minds to expect impropriety from a respected individual such as a doctor, but that is how our front line staff needs to think. We need to train our staff to flag these accounts as high risk and monitor them accordingly.

Read Issue 16 to learn more about the BSA Advisory Group’s findings.

http://www.fincen.gov/news_room/rp/files/sar_tti_16.pdf

According to the CUSO, the service has far exceeded original expectations of contracting for 20 credit unions in its first two years. Now 25 credit unions strong, it is expected that Audit Link will be providing audit and compliance services to 30 credit union partners within the next 6 months. The CUSO states that it has continually been improving and streamlining its processes, enabling it to address individual credit union needs. It has begun to address larger credit union needs by assisting internal staff in specific areas of auditing including employee review, dormancy monitoring, and file maintenance logs.

According to Jim Vilker, VP of Professional Services for CU*Answers, “Though not unexpected, we have been pleasantly surprised by the reaction of our credit union owners/clients and their willingness to embrace this and other managed services provided by a partnership between CU*Answers and Xtend. We have designed these collaborative ad hoc services to be not only affordable, but to enable credit unions to increase the level of service they provide to their members and gain a competitive advantage.”

Download Press Release

CU*Answers plans to automate the collection of data for the Call Report as much as possible for your credit union.  The software has ‘auto-pop routines’ that automatically populate CU*BASE data to your Call Report.  Several automation routines are currently available (G/L balances, Security, and Purpose Codes) and we continue to evaluate ideas for future automation routines.   Do you have any ideas?   Please send them to CallReport@cuanswers.com.

Your credit union has the flexibility to configure exactly which G/L accounts, Security Codes, or Purpose Codes to use for populating NCUA Account Codes depending on how your data is organized in CU*BASE.  Once defined in the software, the credit union configurations are saved for future Call Reports.

On July 7, 2009 we held our first 5300 software web conference training and since then over 50 credit unions are using the software!   We have actually had credit unions commenting that completing the Call Report in CU*BASE was exciting and sort of fun!   How often do you use those words when referring to the Call Report?

If you weren’t able to attend this webinar, it can be viewed at:
http://ondemand.cuanswers.com

 3^rd Quarter Report—What to Expect

The NCUA has many changes coming for the September ’09 Call Report.  One major change is a new web-based system for submitting and reviewing the Call Report information.  Your credit union will maintain profile information (info that infrequently changes) separately from other Call Report data. 

Also for the September Call Report, the NCUA has added 95 new Account Codes for delinquency monitoring.  In addition to the delinquent loan dollar amounts, the NCUA now requires the number of delinquent loans in each of the loan categories.  CU*Answers is diligently working on enhancements to the MNCOLL Loan Delinquency Analysis Report that will help our credit unions obtain this information.

CU*Answers is preparing for the NCUA changes and is currently working on the upload of CU*BASE data to the NCUA.   We will have this process ready as quickly as we can.  But, don’t wait to start using the CU*BASE software!   You can begin to accumulate comparison data for future reports and use the available automation routines to calculate some of the Account Codes for you.  By entering your Call Report data now, you can verify auto-pop calculations and have much of the data in place for future reports.

To learn more about the CU*BASE Call Report software, check out the 5300 Call Report & CU*BASE Tools booklet.  You can find the latest 5300 project information and documentation by accessing the kitchen page at:
http://www.cuanswers.com/kitchen/5300.php.

Remember that this is a work in progress and we need your input!  If you have questions or comments, please contact  CallReport@cuanswers.com.