HEADLINE NEWS 

BSA Compliance: Most Frequent Violations
     Bank Secrecy Act (BSA) compliance is listed as one of NCUA’s regulatory examination hot topics in 2005. These exams will focus on adequate policies, procedures, and staff training; accurate, timely filing of Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs); monetary instrument amounts between $3,000 and $10,000; aggregation tracking mechanisms; and member (customer) identification policies. The most common BSA violations often include:
§         No written or current board-approved policies covering all aspects of BSA regulations including member (customer) identification programs;
§         Inadequate training of employees (BSA compliance training is specifically mandated in Section 748 of NCUA Rules and Regulations.);***
§         BSA compliance officer not specified in policy;
§         Failure to file CTRs accurately and appropriately;
§         Inadequate recordkeeping on $3,000 to $10,000 monetary instruments;
§         Failure to access and respond to FinCEN 314(a) requests; and
§         Lack of independent BSA review (supervisory committee or outside auditor).
     NCUA’s assessment that a credit union has BSA violations may adversely affect the CAMEL component rating for management and possibly the overall CAMEL rating. In addition, NCUA can issue Letters of Understanding and Agreement because of repeat findings and unresponsive management. In extreme cases, NCUA also has the authority to assess civil money penalties.
     How can our credit union make sure that we are in compliance with the Bank Secrecy Act? The League continues to provide information and training that will help CUs comply with this act. Read on….

Bank Secrecy Act Classroom Training in August***
     The League is pleased to announce that we will be offering three training sessions in two locations in August. These sessions will supplement the monthly webinars that Verisure offers, which several of our CUs have utilized for training in the past months with good success (see “Educational Offerings” on page 4 of this issue).
     Kristen Tatlock, director of compliance and regulatory affairs with the Virginia/D.C. Credit Union Leagues, will offer a three-hour session suited for all CU staff on Monday, August 22, and again on Tuesday, August 23. She will be joined by NCUA examiners from Region II who will answer questions about your CU’s policies.
     Topics that will be covered during the session:
§         Anti-money laundering policies
§         Large currency transactions/reporting (CTRs)
§         Suspicious activity reporting (SARs)
§         Monetary instrument and wire transfer recordkeeping  
§         FinCEN Section 314(a) requests
§         USA Patriot Act – CIP/MIP
§         Penalties
     Sessions will be held at the following times and locations:
        1. Monday, August 22 – 4-7 p.m., Rm. 407A, Del Tech Conference Center, Dover
        2. Tuesday, August 23 – 9 a.m.-noon, League office, New Castle
        3. Tuesday, August 23 – 5:30-8:30 p.m., League office, New Castle (This session is designed for small CUs who cannot come during the day for training.)
     The cost of the session is $50 per person, which includes instruction, handouts, and a light meal. Certificates will be given to participants to reflect completion of this annual BSA training requirement. Registration deadline: August 8.

COMPLIANCE UPDATE

Children’s Online Privacy Protection Act
     The Federal Trade Commission has extended a temporary provision in the Children’s Online Privacy Protection Act (COPPA) that allows website operators to obtain parental consent by email when they collect information from children that is used only for internal purposes. The temporary provision has been extended until the FTC completes its required review of COPPA rules. For CUNA’s final rule analysis, go to:
www.cuna.org/reg_advocacy/member/analysis/ftc_050905.html

Disposing of Consumer Reports
     The humble shredder may turn out to be a hot item around the office in 2005. As of June 1, a new federal rule requires businesses and individuals “to take appropriate measures to dispose of sensitive information derived from consumer reports,” according to the Federal Trade Commission. Appropriate measures are defined as shredding or burning of paper documents and the erasing or similar destruction of digital materials. Improper disposal could carry fines of as much as $1,000 per violation. The new measures, which are designed to stem the growing occurrences of identity theft, are the result of the Fair and Accurate Credit Transaction Act of 2003. Consumer reports in the form of background and credit checks are used in a variety of businesses, especially banks/credit unions, mortgage brokers and car dealerships, to assess an individual’s financial fitness. (Daily Progress, Jun. 12) 

June Compliance Challenge Tackles ATM Issue
     What is a CU manager to do with a compliance headache created by a member’s own carelessness? CUNA’s June Compliance Challenge takes a look at this and other prickly issues that frequently confront CU managers.
     For instance, this month’s Challenge asks: If an unauthorized withdrawal from a member’s account occurs because that member pulls away from the drive-up ATM before declining another transaction, does the CU have to restore the funds to the member’s account? Read the June Compliance Challenge to find out – the League has mailed a copy to all CEOs/managers.

NCUA Urges CUs to Manage Risk With Growth
     As the nation’s economy charts a “robust course” in creating more jobs and increasing productivity, NCUA’s board chairman JoAnn Johnson urges CUs to prepare to closely manage the related risks of growth – including rising interest rates. NCUA has identified four economic fundamentals that CUs should consider:
    1)      Increasing interest rates can negatively impact CUs’ interest margins, liquidity, and credit quality of their members, potentially creating an earnings squeeze. They could also negatively impact mortgage demand, changing the composition of CUs’ loan portfolios. With both short- and long-term interest rates expected to increase this year, NCUA examiners are paying special attention to the position of CU balance sheets.
    2)      Inflation is on the rise. A potential increase in inflation could also lead to more of an increase in interest rates.
    3)      Consumer spending is another indicator that NCUA is watching.
    4)      Employment growth has been improving and will be very important going forward as the economy will need jobs and income growth to support consumer spending.  

Have You Identified Your Dormant Accounts?
     This is the time of year when CUs should be reviewing their accounts to identify those dormant accounts that will need to be turned over to the State Escheat office. A preliminary report of unclaimed property must be filed with the State of Delaware Bureau of Abandoned Property by August 1, 2005, for unclaimed property in the CU’s possession on June 30, 2005, which has had no activity (except interest) for five years. Right now is a good time to send out a special letter to such accounts. The notice should include the steps necessary for the member to avoid losing his/her money to the state, such as 1) a deposit to the account; 2) a withdrawal of funds from the account; or 3) correspondence in writing to the credit union as an acknowledgement of the account – which must be dated or signed by the member and retained. The League will be sending out more information about Escheat Reporting.

RISK MANAGEMENT ALERTS

MasterCard Data Breach Exposes 40 Million Cards
     The Credit Union National Association (CUNA) and CUNA Mutual Group began assessing how many credit unions could be affected after MasterCard International reported on June 17 that it had discovered a breach of payment card data at a third-party processor that potentially exposes more than 40 million cards of all brands to fraud. Both debit and credit cards are affected, as are cards under the MasterCard, Visa, Discover, and American Express brands. Of those, 13.9 million are MasterCard-branded cards.
     MasterCard reported that its security experts identified a breach at CardSystems Solutions Inc., a third-party processor of payment card data. An unauthorized individual infiltrated CardSystem's network and obtained access to cardholder data. MasterCard and Visa are notifying their member financial institutions of specific card accounts that may have been compromised.
     Banks and credit unions, upon receiving notice from MasterCard or Visa, should take appropriate steps to protect cardholders from potential fraud. “Credit unions should react immediately by working with their neural network providers to engage a rule that would minimize and block testing of card numbers by thieves,” said Ann Davidson, payment systems risk manager with CUNA Mutual’s CU protection division.

Phish Targeting NCUA Again
     A phishing email targeting the website of the National Credit Union Administration is making the rounds again, using the NCUA logo and graphics from the NCUA website to attempt to get information that could be used in future identity thefts. The fraudulent email, subject line “WARNING: Security Issues,” purports to be from NCUA’s “Account Review Department” and says that “as a part of our security measures, we regularly screen activity in Federal Credit Unions’ network.” There is no such network. The email asks the recipient to log onto a link to “update your account.” Those who receive such emails should delete the email and not click on the link. In the past six months, several rounds of phishing emails have purported to come from NCUA or CUNA, causing the agencies to send out fraud alerts.

Mid-Atlantic Corporate Alert: New Check Fraud Scheme
     Mid-Atlantic Corporate FCU has issued an alert to their members regarding a new type of check fraud scheme. Recently, corporate credit unions have begun encountering a scheme in which counterfeit drafts appear to have been created with an online check service called Qchex. The Qchex service allows a user to create share drafts/checks, which are drawn on a valid financial institution with account numbers chosen by the user. Mid-Atlantic Corporate reported that it had received several of these fraudulent items recently.
     These items were presented to the corporate in its in-clearing cash letters as corporate share drafts with Mid-Atlantic’s routing and transit number and various account numbers. Some of these numbers are valid Mid-Atlantic member account numbers, while others are clearly false numbers. Fortunately, all of the items were rejected in the normal processing due to the routines run in Mid-Atlantic’s sort patterns, which identify invalid formats and account information inconsistencies. All items were detected in a timely manner, and no losses were incurred.
     A recently published report (http://www.msnbc.msn.com/id/7914159/) indicated that perpetrators are creating fraudulent demand drafts (drafts which do not require a signature) using valid financial institution routing numbers and account numbers that they are not authorized to use.  
     As a precautionary measure, credit unions may wish to inform their staff of this activity and the format of a suspicious Qchex item. You also may want to review your internal procedures for handling this type of draft and consider changes, such as requiring a longer hold period or contacting the financial institution on which the item is drawn.
      This is another example of increasingly sophisticated techniques used to create fraudulent checks. Criminals are using personal computers, laser printers, scanners, and other technology to create counterfeit checks, according to a June 2004 CUNA Mutual Group release. Shortened check-hold periods, competition, organized crime, employee turnover, and a lack of employee training also have contributed to this growing problem, the release states.

DELAWARE NOTES

Three staff members are attending CUNA schools. DOVER FCU’s Carole Langiu attended the Marketing Management Update and Karen Beers attended Part II in Madison, Wisconsin, June 5-10. Melba Saxton of CHESTNUT RUN FCU will attend CUNA Management School in Madison on July 10-22.  

Maurice Dawkins and the management staff of AMERICAN SPIRIT FCU hosted six members of the Sparrow Run 4-H Club and their leaders for a CU tour on June 14. This event was arranged through a cooperative partnership between the Cooperative Extension Service and the League.

In Credit Union Journal’s June 6 and 13 issues, two Delaware CUs were ranked nationally as “Peak-Performing CUs” in their asset category for the first quarter of 2005. LOUVIERS FCU ranked #10 in the country in the “return to saver” category for CUs with assets between $100-$250 million. PIPEFITTERS FCU ranked #9 in the “member service usage” category for CUs between $5-10 million in assets.  

DELAWARE FCU will hold the grand opening of its newly relocated branch in the Georgetown Plaza Shopping Center on July 15. The branch is now located at the intersection of Route 113 and County Seat Highway in Georgetown.

 

Job opportunity to be a trainer at Dover Federal Credit Union. Minimum of associate’s degree in business, education, or personnel relations or three years related experience is required. Must have advanced computer skills in all Microsoft programs and be able to use online training programs and webinars. Credit union background and knowledge of XP system desirable. Must have valid, unrestricted driver’s license. Email resumes to: searchcommittee@doverfcu.com

EDUCATION OPPORTUNITIES

Board of Directors Workshop: Recruiting CU Volunteers – Wednesday, July 20, 5:30-8:30 p.m., Del Tech, Dover. Dr. Michael Hudson will lead this discussion on how to recruit, develop, and retain CU volunteers. Fee: $35 per person (5^th+ attendees from one CU – free). Regis. deadline: 7/6.

League Council Meetings in July/August
7/13      Financial Mgmt. Council: Bank Secrecy Act and Internal Audits – 10 a.m.-2 p.m.
7/21      Human Resource Council – 10 a.m.-1 p.m.
7/27      Cards Council: Emerging Plastic Risks – 10 a.m.-1 p.m.
8/17      Mortgage Council: Compliance and Interest-Only Loans – 10 a.m.-1 p.m.
No fee for council members; $65 for non-council members. Enroll with Ruth at the League no later than two weeks before each session. 

July QuickBites Teleconferences
7/7        Cross-selling – 11 a.m.-noon
7/12      Minors’ Accounts – 11 a.m.-noon
7/14      Indirect Lending: Friend or Foe – 11 a.m.-1 p.m.
7/19      Introduction to CUs – 11 a.m.-noon
7/20      Call Center Member Service – 11 a.m.-noon
7/26      Reg B Discrimination: ECOA, FACT Act – 11 a.m.-1 p.m.
7/28      Indirect Lending vs. Auto Recapture – 11 a.m.-noon
The fee for each one-hour session is $99; the two-hour session is $169. Unlimited staff participation at each CU site. Deadline for registration is one week prior to the conference call. Call Bernadette to enroll. July special: Target gift card for registering!

One-Hour BSA Compliance Webinars
§     Thurs., July 14, at 10 a.m. – Bank Secrecy Act
§     Thurs., July 14, at 2 p.m. – USA Patriot Act and OFAC
§     Tues., July 19, at 10 a.m. – CTR and SAR Form Filing Details
§     Tues., July 19, at 2 p.m. – OFAC, CTR, and FinCEN Exemption Form Filing Details
The fee for each session is $100. For more information or to enroll, phone Don Baumann of the co-sponsor Verisure at 315-638-4334.

Regional Training Events
§         NCUA/Delaware League “Knock Out Predatory Lending and Improve Your Bottom Line” PALS Conference. Thursday, July 7, from 10 a.m.-3:30 p.m., at the Hyatt Regency in Baltimore. No charge. Call Bernadette at the League if you would like to carpool.
§         Penn State Judge/Bradley CU School. August 7-11, at the Penn State Conference Center Hotel in State       College, PA. This leadership development program is designed to meet the educational needs of CU       management staff. Fee: $645. Regis. deadline: July 22.
§         2005 CU Directors’ Institute. August 12-13, at the Nittany Lion Inn and Conference Center, State College,       PA. Designed for CU directors and volunteers. Fee: $350. Regis. deadline: July 10.
§         2005 North Law Firm Bankruptcy Conference for CUs. This conference, co-sponsored by the Delaware       League, is being offered in two locations in 2005: St. Pete’s Beach, Florida, on August 8-12, and Las Vegas,       Nevada, on December 5-9. With bankruptcy reform on the way, CU professionals must rethink how they analyze and fight bankruptcy cases. This in-depth program will provide practical information and training to help your CU handle consumer bankruptcy cases. Fee: $750 until July 8; $825 after July 8. Register online at       www.nlfbkconference.com or call Alice Smith at the League for a brochure.