AuditLink and TrustExchange Co-Sponsoring Vendor Management Conferences

Jim Vilker, NCCO

AuditLink, the auditing and compliance division of CU*Answers, and TrustExchange, a firm which helps financial institutions automate their vendor compliance monitoring, recently presented their first in a series of four web conferences designed to review the latest regulatory requirements, guidelines and best practices for vendor compliance management.

“Due to recent regulatory changes, vendor management has become an urgent focus for credit unions and CUSOs,” said Jim Vilker, VP of Professional Services for AuditLink. “This first web conference concentrated on the fundamentals of a sound vendor management program that meets those changing requirements in a way that scales very well.”

Ed Sullivan, CEO of TrustExchange added: “The expectation is that these relationships are monitored through their entire lifecycle from initial vendor selection, implementation, operations and contract renewal. It’s a complex problem that’s compounded by the inherent risk of the services offered and the number of vendors engaged. TrustExchange solves the problem by providing a platform for both vendors and credit unions to share this key information as it changes over time.”

The first session was designed for credit union and CUSO leaders to establish a top down understanding of the process and present solutions to overcome the burden. “Our goal is to present insight from the top down in an organization,” concluded Vilker. Future sessions will be designed for those directly responsible for the vendor management and dive deeper into the components of the criticality assessment phase. For more information, visit

AuditLink Holds Grand Opening Web Conference for Vendor Management Service

Jim Vilker, NCCO

CU*Answers, a 100% credit union-owned core data processor, recently held a grand opening web conference on the increasing challenges of developing a comprehensive vendor management program. AuditLink and Trust Exchange, formerly G2Link, have partnered together to create unique vendor management tools and processes to cater to the high regulatory expectations and high industry standards.

This event was hosted by Trust Exchange’s Ed Sullivan and AuditLink’s Jim Vilker, who demonstrated a deep understating on what a risk based vendor management program should contain. Credit unions were walked through the steps including the thought process, management, and continued due diligence that every vendor management program should have.

AuditLink Adds Seven New Daily Log Management Clients

Jim Vilker, NCCO

AuditLink, the auditing and compliance division of cooperative CUSO CU*Answers, announced in June at the CU*Answers Leadership Conference that they were giving back to their loyal Daily Log Management clients by giving them three free months of service. In addition to providing existing clients this free service, they also extended the offer any new credit unions that signed a two year contract by the end of 2016.

“We have had a great response to this promotion so far,” said Marsha Sapino, Assistant Manager of AuditLink. “Since the announcement, we have signed seven new clients; three of which were this month.”

The daily log management service includes BSA, suspicious activity, OFAC scan, employee accounts, wire transfer, dormancy, teller transaction, and file maintenance reviews. AuditLink also offers à la carte services like concentration risk analysis, ACH reviews, BSA review, duration analysis, and employee security reviews. Earlier in 2016, AuditLink announced that it had partnered with G2Link to provide vendor management services to credit unions. For more information, visit

Your Ultimate MLA Guide

Jim Vilker, NCCO

NEW! MLA Workflow Document for Lenders

We are proud to present a new document that will assist your lending staff in processing loans that must adhere to the guidelines of the Military Lending Act. This must-read document was created in cooperation with a number of credit unions who provided valuable input to help loan staff understand the process in booking MLA loans. This invaluable booklet describes the MLA workflow, including which loans are covered and which are not, an oral disclosure when booking a MLA loan, as well as instructions to use CU*BASE to work with MAPR and credit insurance on these specialty type loans. Get Your Copy Today

MLA Compliance Webinar

Join us for a free webinar on Tuesday, November 22 from 2:30 – 3:30 PM ET to learn how to process loans that fall under the Military Lending Act. This webinar will include knowledge from both the Lender*VP and AuditLink teams – you don’t want to miss this! No need to register, simply join the webinar a few minutes before it begins. Join the Webinar

MLA Champions, We Need You!

For the next 90 days, we need your feedback! How often are you serving a member of the military? Do you have programs focused on serving this community? Are your examiners asking about your awareness and execution? What can we do better to help you utilize your options? Your input will help us decide how to invest in future enhancements, and how we can best serve these communities with the next phase of development. What should be next on our plate as it relates to MLA? We welcome any and all comments! Give Feedback!

NAFCU Blog on BSA Reporting Myths

Marsha Sapino AAP

Happy Friday!  If you don’t already get the NAFCU blog emails every day, I highly encourage you to sign up.  Today they wrote a great post on BSA reporting myths that I wanted to share.

Have a great weekend!

Same Day ACH Q & A

Marsha Sapino AAP

Same Day ACH is here!  CU*Answers has compiled a list of answers to common questions asked by our clients as it relates to Same Day ACH.  Please contact a CU*Answers representative if you have additional questions.




We will only have to post Same Day Credits this year, correct?

    • Correct, only credits will be coming as same date transactions right now. Debits only need to be posted once per day at the time slot your credit union selects.


Where do I find the settlement date on the ACH report?

    • PACXTB shows this information in the company header line SETT xxx is the Julian date format


What is the “Allow early post/effective date override for specific Company IDs” check box at the bottom of the ACH Posting Controls screen (General Configuration 1 menu MNCNFC)? 

    • This is to activate the ability to override the posting date, by ACH company. You must then use the Update Company feature in ACH Distribution Maintenance (from the ACH/Payroll Processing menu MNACHP) to mark a specific company to actually use this override. If any individual company is overridden, its transactions will post at the first opportunity and not wait until the settlement date (credits only).


How many times a day will we have exceptions to work?

    • You could have exceptions up to three times a day (depending on your configurations): once for each posting time. But you can still work them next day as you do now.


Will exceptions be in the Work Daily ACH Exceptions feature on the ACH/Payroll Processing menu (MNACHP #4)?

    • Yes


What time will the last file come in from the ACH operator with credits to be posted same day?

    • 4pm (16:00) ET which is new as of 9/23/16


You said we have to post evening credits? Is that the CU’s responsibility or does CU*Answers do that?

    • It is your credit union’s responsibility to configure credits to be posted in the evening. CU*BASE only posts what is configured by your credit union. The recommendation is to post both debits and credits in the evening regardless of the other posting times, in order to remain in compliance.


So how does this affect Xtend SRS Bookkeeping? When will they work the exceptions?

    • Xtend SRS bookkeeping services will continue to work credit union ACH exceptions that show on the morning reports. At this time, we are not making any changes to our processing. However, once the activity for same-day transactions start to post, then you may call Xtend SRS to negotiate different terms. Keep in mind that if the account number format for the same-day credits is correct then they will post, so the volume of exceptions is uncertain at this time.


If the CU chooses to post an afternoon file, will there be an additional cost?

    • No.


Do we have to make sure the configurations are set or will you be setting them?

    • It is the responsibility of your credit union to ensure your configurations are correct. Access the ACH Posting Controls via the General Configuration 1 menu (MNCNFC).


How will we know that there are same-day credits posted? Which report would that be?

    • There is not a special report for same-day transactions. All detail is available on the PACXTB report and is simply a matter of the settlement day and time the file sent. Posting is still determined by the settlement day.


If we post a midday file and process the returns, when will the returns be processed?

    • If you post the afternoon file and work them before the 3:00ET return window, you could still return same day. Otherwise, they will be returned next day as they always have.

Examination Innovation Proving to be a Win-Win for Credit Unions and their Examiners

Jim Vilker, NCCO

AuditLink, the auditing and compliance division of cooperative CUSO CU*Answers, spent part of their time at the recent CU*Answers Strategic Board Planning Session reflecting on the successes and areas for growth with its Examination Innovation initiative. The group’s objective is to improve the examination process by making it less of a burden on both credit union and examiner through the implementation of technology and tools that make the process more efficient.

Jim Vilker, Manager of AuditLink said: “Early adopters of examination innovation are proving that the initiative really is a win-win. Examiners experience expense reduction and an improved quality of life as less time is spent on-site at the credit union, and credit unions gain the benefit of less stress and less staff time taken up by the examination process.”

Vic Pantea, Manager of Marketplace Alliances added: “We have identified two elements of examination practice that are addressed in our strategy for innovation. First, the technology aided observation and surveillance of credit union activities crucial to an effective and efficient examination. Second, the technology to immediately react, request and securely receive the encrypted in-depth details and data sets keyed by the surveillance tool. Our strategic objective is to BOTH increase the quality and timeliness of oversight while lowering the costs of examination for BOTH the regulator and the regulated.”

AuditLink has worked with regulators from a handful of Midwest states to begin accepting files electronically, and continues to add new alerts and tolerances into My CU Today, an online dashboard for key credit union metrics, and in so doing will allow for remote examiner supervision on a continuous basis.

Same Day ACH – We Are Ready

Marsha Sapino AAP

*UPDATE*  We have made a couple clarifying changes to the PowerPoint.

Thank you to all who attended this afternoon’s webinar on Same Day ACH.  As promised, I have attached the PowerPoint slides from the presentation.  Jeff and I will work on getting answers to the few questions we missed and I will have them posted here shortly.

Same Day ACH – We are Ready

Update FinCEN’s 314(a) Announcement

Jim Vilker, NCCO

Last week FinCEN announced that they were adding new data elements to the 314a file that you download and scan against member accounts.  They reported that they would be adding email, IP address, and website address to an existing field in the file.  No additional fields are being added; rather, new data type descriptions and data elements will be added to the existing social security number fields.  In the announcement they made it appear as though you would be seeing the changes by September 1st.   

We reached out to FinCEN last week asking for clarity on the announcement and they returned our email stating the September 1st date was relative to them being ready for law enforcement to begin inputting the new information, and that the inclusion of the information on the 314a file would not be immediate.  They did not give us a date when that would occur.   We subsequently reached out to FinCEN yesterday to get technical support relative to the changes and they have replied that the technical specifications will be arriving shortly.  No date was given.    

No changes will be made to the existing scan until we receive those specifications. 

So what if the data begins flowing before the changes are made?  If this happens you would see an error message when uploading the file, as the length of the field does not support more than 20 characters.  Again, until we get technical specifications we will not be changing the size of this field.  Selecting OK on the error is the appropriate response and the scan will continue without a hitch.    

It is important that you understand that the primary fields that are being matched are those related to the individuals name and alias name and then subsequently validated against date of birth.  If there is a hit on the primary search the system continues and scans the remaining fields.  In the event that the primary search does not find a match, the remaining information is not scanned.  This secondary scan writes out other information that matches the additional fields to a report which can be used for additional validation.  What you report back to FinCEN is the fact that you have a match on the name, not the additional information that actually matches on the file.   

We will continue to keep you updated once we receive additional information from FinCEN and have an opportunity to evaluate the development effort for any adjustments we will need to make.



CU*Answers, Zoot, and the Military Lending Act (MLA)

Jim Vilker, NCCO

As we’ve previously reported, we are working closely with Zoot in regards to MLA in order to develop the specifications that will ultimately lead to displaying an active military status on credit reports in CU*BASE GOLD.  In a recent meeting between CU*Answers and Zoot staff, we learned from Zoot that our clients should be contacting credit bureaus to determine what will be required in order to be allowed to receive this information.

It is anticipated that there will be an additional agreement between the credit union and the bureaus, potentially an additional cost, and may even require credit unions to update subscriber codes on GOLD used to pull reports.   While there are some steps your credit union will need to take, it is important to understand that CU*Answers will be doing the testing directly with the bureaus through Zoot; no testing will be required on your end.  However, be sure to add to your task list that you will need to be prepared to execute the new agreement and supply CU*Answers with the new subscriber codes if any have changed.

New Information Regarding 314(a) Data

Marsha Sapino AAP

Many of you received the email from FinCEN today announcing that IP addresses and e-mail addresses may be included within the 314(a) subject information that is made available to you via the Secure Information Sharing System (SISS).  CU*Answers also received this email and is researching what (if anything) we will need to do with this data.  We will keep you posted!

AuditLink Thanks Clients with Three Free Months of Daily Compliance Monitoring; Extends Offer to New Clients

Jim Vilker, NCCO

AuditLink, the auditing and compliance division of cooperative CUSO CU*Answers, is giving back to the clients that have helped the team achieve success in driving down the cost of compliance for credit unions. In an announcement sent to the credit union clients of the CU*Answers network, AuditLink stated that it would be giving three months of free daily log management services to all credit unions currently using the service.

“We’re so thankful for the credit unions that have been a part of our development over the years,” said Jim Vilker, Manager of AuditLink. “We’ve been dedicated to improving auditing practices and driving down the cost of compliance, and that wouldn’t be possible without the help of our credit unions and CU*Answers, working cooperatively to develop new methodologies and tools, and sharing best practices.”

In addition to providing existing clients with free daily activity monitoring services, AuditLink extended the offer to any new credit unions that sign up for a two year contract by the end of 2017. Vilker added: “We hope to add new client credit unions who can not only benefit from our services, but who can contribute to the evolution of our organization.” Daily log management includes BSA, suspicious activity, OFAC scan, employee account, wire transfer, dormancy, teller transaction, and file maintenance reviews.

AuditLink also offers a la carte services like concentration risk analysis, ACH reviews, BSA review, duration analysis, and employee security reviews. Earlier in 2016, AuditLink announced that it had partnered with G2Link to provide vendor management services to credit unions. For more information, visit

Update to the Military Lending Act (MLA)

Jim Vilker, NCCO

More and more is being learned about the requirements of the Military Lending Act here at CU*Answers, and questions continue to be asked relative to what changes we anticipate making in CU*BASE. This update will investigate the three main requirements and then further describe where we are at relative to the core platform. For previously shared information regarding MLA, visit

Requirement #1

The first requirement includes the credit union’s responsibility to identify covered borrowers prior to the approval of credit. As stated previously, it does not appear that the DOD will be allowing many financial institutions to access the direct connect portal. To date it does not appear as though any changes to this are on the horizon. We continue to track the credit reporting agencies’ progress on listing the active duty status on credit reports. To date Equifax is the only CRA that has stated they are currently in the testing phase of accessing the MLA database and displaying it on their reports. We have begun discussions with ZOOT and asked that we be kept in the loop as the testing phase continues so as to, if necessary, make any changes on our end. As a reminder, identifying covered borrowers must only be completed at the time of application or refinance. Existing members in an active duty status do not need to be checked.

Requirement #2

The calculation of MAPR continues to be the hot button and there have been numerous compliance events where this has been the headlining discussion. The kicker revolves around the fact that credit insurance and other fees are defined as a finance charge by the DOD and included in the calculation. If credit insurance is chosen, the credit union must then calculate the MAPR including the cost and verify that result does not exceed 36%. In the event the percentage does exceed the limit, the interest rate on the loan must be adjusted accordingly. This is a requirement for both open and closed end loans.

However, the calculation does warrant some clarity for lending and compliance professionals. An important piece of the regulation that must be taken into consideration with the MAPR calculation is that the requirement does not apply to:

  •  Any credit transaction secured by an interest in a dwelling regardless of it being open or closed end
  • Any credit transaction that is expressly intended to finance the purchase of a vehicle when the vehicle is used as collateral
  • Any credit transaction that is expressly intended to finance the purchase of personal property when the credit is secured by that property

Even today subsequent interpretations are being discussed relative to the definitions which appear to be a moving target.

This does beg the question of what types of loans are covered. Basically it would be the unsecured and loans in which a security interest is taken in personal property where the member is not financing the purchase of the property. This is important to understand in that this vastly limits the population of potential loans that would ever be made during a given year; in some credit unions it may never happen at all.

We continue to research the calculation of the MAPR. To date we have received and evaluated the MAPR calculation for closed end loans but have not received any information on what the calculation looks like for open end loans or its application to the monthly billing cycle. An important reminder for open end unsecured credit is that this calculation must be completed every billing cycle and tested against the 36% tolerance. We will continue to monitor any updates relative to the calculations but based upon the types of loans this applies to and the chance of it even coming into play we have decided to not make any programming changes relative to MAPR at this time.

Requirement #3

The final requirement revolves around required disclosures to covered borrowers. Credit unions have been working directly with forms providers and the effort to complete these forms includes your provider as well as the Lender*VP Forms department. These forms have been coming steadily all year and we are working on completing them as they are received.


What should credit unions expect on October 1st relative to system functionality? At this point we believe Equifax will be ready to display the active duty status. Credit unions using the other two CRAs will need to drop an icon on loan officers’ desktops for access to the MLA database. In the event credit unions offer unsecured loans or takes a security interest in personal property where the loan is not expressly made for the purchase of that property loan officers should be hesitant on adding credit life and/or charging other fees that would qualify under the MAPR calculation.

Record Attendance for AuditLink’s Second Conversations on Compliance Symposium

Jim Vilker, NCCO
“We had an amazing turnout this year,” said Marsha Sapino, AuditLink Assistant Manager. “We filled our training room to its capacity. Turnout was so high in fact that next year we will be moving the event off-site and will open up the invitation to individuals outside the CU*Answers client network as well.” The full day schedule included discussions on regulatory updates, profitability & mergers, and overdraft protection regulatory & legal risks. In addition to AuditLink professionals Jim Vilker, manager, and Marsha Sapino, guest speakers were on hand to provide their own insights on the changing regulatory environment. Mr. Vilker added: “There’s clearly an appetite among credit unions for information relating to regulatory updates and compliance in general. We’re looking forward to the event next year and to opening it up to credit unions outside the CU*Answers network.”