Same Day ACH – We Are Ready

Marsha Sapino AAP

*UPDATE*  We have made a couple clarifying changes to the PowerPoint.

Thank you to all who attended this afternoon’s webinar on Same Day ACH.  As promised, I have attached the PowerPoint slides from the presentation.  Jeff and I will work on getting answers to the few questions we missed and I will have them posted here shortly.

Same Day ACH – We are Ready

Update FinCEN’s 314(a) Announcement

Jim Vilker, NCCO

Last week FinCEN announced that they were adding new data elements to the 314a file that you download and scan against member accounts.  They reported that they would be adding email, IP address, and website address to an existing field in the file.  No additional fields are being added; rather, new data type descriptions and data elements will be added to the existing social security number fields.  In the announcement they made it appear as though you would be seeing the changes by September 1st.   

We reached out to FinCEN last week asking for clarity on the announcement and they returned our email stating the September 1st date was relative to them being ready for law enforcement to begin inputting the new information, and that the inclusion of the information on the 314a file would not be immediate.  They did not give us a date when that would occur.   We subsequently reached out to FinCEN yesterday to get technical support relative to the changes and they have replied that the technical specifications will be arriving shortly.  No date was given.    

No changes will be made to the existing scan until we receive those specifications. 

So what if the data begins flowing before the changes are made?  If this happens you would see an error message when uploading the file, as the length of the field does not support more than 20 characters.  Again, until we get technical specifications we will not be changing the size of this field.  Selecting OK on the error is the appropriate response and the scan will continue without a hitch.    

It is important that you understand that the primary fields that are being matched are those related to the individuals name and alias name and then subsequently validated against date of birth.  If there is a hit on the primary search the system continues and scans the remaining fields.  In the event that the primary search does not find a match, the remaining information is not scanned.  This secondary scan writes out other information that matches the additional fields to a report which can be used for additional validation.  What you report back to FinCEN is the fact that you have a match on the name, not the additional information that actually matches on the file.   

We will continue to keep you updated once we receive additional information from FinCEN and have an opportunity to evaluate the development effort for any adjustments we will need to make.

 

 

CU*Answers, Zoot, and the Military Lending Act (MLA)

Jim Vilker, NCCO

As we’ve previously reported, we are working closely with Zoot in regards to MLA in order to develop the specifications that will ultimately lead to displaying an active military status on credit reports in CU*BASE GOLD.  In a recent meeting between CU*Answers and Zoot staff, we learned from Zoot that our clients should be contacting credit bureaus to determine what will be required in order to be allowed to receive this information.

It is anticipated that there will be an additional agreement between the credit union and the bureaus, potentially an additional cost, and may even require credit unions to update subscriber codes on GOLD used to pull reports.   While there are some steps your credit union will need to take, it is important to understand that CU*Answers will be doing the testing directly with the bureaus through Zoot; no testing will be required on your end.  However, be sure to add to your task list that you will need to be prepared to execute the new agreement and supply CU*Answers with the new subscriber codes if any have changed.

New Information Regarding 314(a) Data

Marsha Sapino AAP

Many of you received the email from FinCEN today announcing that IP addresses and e-mail addresses may be included within the 314(a) subject information that is made available to you via the Secure Information Sharing System (SISS).  CU*Answers also received this email and is researching what (if anything) we will need to do with this data.  We will keep you posted!

AuditLink Thanks Clients with Three Free Months of Daily Compliance Monitoring; Extends Offer to New Clients

Jim Vilker, NCCO

AuditLink, the auditing and compliance division of cooperative CUSO CU*Answers, is giving back to the clients that have helped the team achieve success in driving down the cost of compliance for credit unions. In an announcement sent to the credit union clients of the CU*Answers network, AuditLink stated that it would be giving three months of free daily log management services to all credit unions currently using the service.

“We’re so thankful for the credit unions that have been a part of our development over the years,” said Jim Vilker, Manager of AuditLink. “We’ve been dedicated to improving auditing practices and driving down the cost of compliance, and that wouldn’t be possible without the help of our credit unions and CU*Answers, working cooperatively to develop new methodologies and tools, and sharing best practices.”

In addition to providing existing clients with free daily activity monitoring services, AuditLink extended the offer to any new credit unions that sign up for a two year contract by the end of 2017. Vilker added: “We hope to add new client credit unions who can not only benefit from our services, but who can contribute to the evolution of our organization.” Daily log management includes BSA, suspicious activity, OFAC scan, employee account, wire transfer, dormancy, teller transaction, and file maintenance reviews.

AuditLink also offers a la carte services like concentration risk analysis, ACH reviews, BSA review, duration analysis, and employee security reviews. Earlier in 2016, AuditLink announced that it had partnered with G2Link to provide vendor management services to credit unions. For more information, visit https://auditlinksuite.com/.

Update to the Military Lending Act (MLA)

Jim Vilker, NCCO

More and more is being learned about the requirements of the Military Lending Act here at CU*Answers, and questions continue to be asked relative to what changes we anticipate making in CU*BASE. This update will investigate the three main requirements and then further describe where we are at relative to the core platform. For previously shared information regarding MLA, visit https://auditlinksuite.com/.

Requirement #1

The first requirement includes the credit union’s responsibility to identify covered borrowers prior to the approval of credit. As stated previously, it does not appear that the DOD will be allowing many financial institutions to access the direct connect portal. To date it does not appear as though any changes to this are on the horizon. We continue to track the credit reporting agencies’ progress on listing the active duty status on credit reports. To date Equifax is the only CRA that has stated they are currently in the testing phase of accessing the MLA database and displaying it on their reports. We have begun discussions with ZOOT and asked that we be kept in the loop as the testing phase continues so as to, if necessary, make any changes on our end. As a reminder, identifying covered borrowers must only be completed at the time of application or refinance. Existing members in an active duty status do not need to be checked.

Requirement #2

The calculation of MAPR continues to be the hot button and there have been numerous compliance events where this has been the headlining discussion. The kicker revolves around the fact that credit insurance and other fees are defined as a finance charge by the DOD and included in the calculation. If credit insurance is chosen, the credit union must then calculate the MAPR including the cost and verify that result does not exceed 36%. In the event the percentage does exceed the limit, the interest rate on the loan must be adjusted accordingly. This is a requirement for both open and closed end loans.

However, the calculation does warrant some clarity for lending and compliance professionals. An important piece of the regulation that must be taken into consideration with the MAPR calculation is that the requirement does not apply to:

  •  Any credit transaction secured by an interest in a dwelling regardless of it being open or closed end
  • Any credit transaction that is expressly intended to finance the purchase of a vehicle when the vehicle is used as collateral
  • Any credit transaction that is expressly intended to finance the purchase of personal property when the credit is secured by that property

Even today subsequent interpretations are being discussed relative to the definitions which appear to be a moving target.

This does beg the question of what types of loans are covered. Basically it would be the unsecured and loans in which a security interest is taken in personal property where the member is not financing the purchase of the property. This is important to understand in that this vastly limits the population of potential loans that would ever be made during a given year; in some credit unions it may never happen at all.

We continue to research the calculation of the MAPR. To date we have received and evaluated the MAPR calculation for closed end loans but have not received any information on what the calculation looks like for open end loans or its application to the monthly billing cycle. An important reminder for open end unsecured credit is that this calculation must be completed every billing cycle and tested against the 36% tolerance. We will continue to monitor any updates relative to the calculations but based upon the types of loans this applies to and the chance of it even coming into play we have decided to not make any programming changes relative to MAPR at this time.

Requirement #3

The final requirement revolves around required disclosures to covered borrowers. Credit unions have been working directly with forms providers and the effort to complete these forms includes your provider as well as the Lender*VP Forms department. These forms have been coming steadily all year and we are working on completing them as they are received.

Wrap-up

What should credit unions expect on October 1st relative to system functionality? At this point we believe Equifax will be ready to display the active duty status. Credit unions using the other two CRAs will need to drop an icon on loan officers’ desktops for access to the MLA database. In the event credit unions offer unsecured loans or takes a security interest in personal property where the loan is not expressly made for the purchase of that property loan officers should be hesitant on adding credit life and/or charging other fees that would qualify under the MAPR calculation.

Record Attendance for AuditLink’s Second Conversations on Compliance Symposium

Jim Vilker, NCCO
“We had an amazing turnout this year,” said Marsha Sapino, AuditLink Assistant Manager. “We filled our training room to its capacity. Turnout was so high in fact that next year we will be moving the event off-site and will open up the invitation to individuals outside the CU*Answers client network as well.” The full day schedule included discussions on regulatory updates, profitability & mergers, and overdraft protection regulatory & legal risks. In addition to AuditLink professionals Jim Vilker, manager, and Marsha Sapino, guest speakers were on hand to provide their own insights on the changing regulatory environment. Mr. Vilker added: “There’s clearly an appetite among credit unions for information relating to regulatory updates and compliance in general. We’re looking forward to the event next year and to opening it up to credit unions outside the CU*Answers network.”

Conversations on Compliance – Another Successful Event

Marsha Sapino AAP

We here at AuditLink would like to thank everyone that attended our Conversations on Compliance event on May 24.  It was a great day! As promised, attached are the presentations from the day.  Mark your calendars for next year as we will be moving this event to a venue. Tentative date is May 10, 2017. We want to thank Steve Van Beek from Howard & Howard and Charley McQueen from McQueen Financial for joining us.

 

 

Releases – Marsha Sapino

Profitabliity Merger – Charley McQueen

Regulatory Update – Jim Vilker

Overdraft Protection – Steve Van Beek

 

 

 

AuditLink Moving Forward with Top Ten Products

Jim Vilker, NCCO

CU*Answers has announced that AuditLink’s Top Ten suggested projects previously presented are in various stages of client implementation, programming development, or still being reviewed.

AuditLink, a division of CU*Answers, has re-iterated that a key strategy is to design system features that create a least-cost process in the credit union and meet the minimum requirements imposed by regulators and third party auditors. Some of the best ideas suggested simply need credit unions to share best practices and existing methodologies to accomplish the task and do not even require software enhancements.

The list is openly published on the cuanswers.com website, so any credit union may comment on a suggestion, make recommendations, and participate in an online dialogue. Listed enhancements include:

1.    BSA enhancements per primary and joint owner activity tracking
2.    Cashed check tracking – audit log expansion
3.    Critical field monitoring – allowing the credit union to choose critical system fields to be displayed separately within the file maintenance log
4.    Identity theft – creating a system configuration that allows tracking/ reporting of a specified number of months since the last transaction
5.    Wire transfer enhancements for fraud
6.    Expanding enterprise risk management with additional 5300 Call Report ratios
7.    Reg D monitoring
8.    Reg CC holds on non-transaction accounts
9.    Include ATM transactions in BSA monitoring
10.    Enhanced abnormal activity monitoring

AuditLink Becomes G2Link Vendor Monitoring Reseller

Jim Vilker, NCCO

AuditLink, the audit and compliance division of the West Michigan-based CUSO CU*Answers, announced that it has become a reseller of the G2Link vendor monitoring platform, which helps financial institutions automate their vendor compliance monitoring.

AuditLink helps credit unions reduce their cost of compliance by providing compliance management services including daily log management, comprehensive program reviews, compliance training, and best practices review. The latest vendor management requirements are complex and entail significant additional effort on behalf of all involved parties: credit unions and their vendors. Recognizing this, CU*Answers found in G2Link a partner capable of solving this problem uniquely by creating a network of vendors making the exchange of requirements more cost effective and secure.

As part of the effort to reduce the cost of compliance, CU*Answers has provided a free vendor management system, the Risk Management Report Generator, for years. With this new partnership with G2Link, AuditLink will now be able to offer credit unions with a more complete vendor management service. AuditLink professionals will work with their credit union clients to ensure vendor due diligence is performed and appropriate materials are gathered from within G2Link’s system.

G2Link’s industry-leading platform is designed to accommodate the rapidly changing compliance requirements, while providing cost effective scale for the growing number of regulations. The regulatory requirements are particularly complex for credit unions and vendors alike.

“Today every business relies on more allies, partners, and vendors than ever before,” said Jim Vilker, AuditLink Manager, NCCO, CAMS. “It’s a networked world and keeping track of just the names of all the players who contribute to your organization’s success can be challenging, let alone the key data and information you need to defend them during vendor due diligence audits. You feel like you know your partners, but without the data can you prove you know your partners? G2Link data is part of our plan to know our partners.”

Mr. Vilker added, “Serving our credit union customers and setting the standard for regulatory compliance is an important part of our overall customer experience. The G2Link platform enables us to scale our compliance and deliver superior experiences for both CU*Answers customers and our internal stakeholders.”

“CU*Answers is at the forefront of setting the standard for compliance” said Edward Sullivan, CEO, G2Link. “We’re delighted to serve as CU*Answers’ partner as they further optimize their vendor compliance and in turn drive higher value to their credit union customers.”

CU*Answers Hosts Compliance Event!

Jim Vilker, NCCO

CU*Answers announced that on Tuesday, May 24thit held its 2nd Annual Conversation on Compliance Training Event at its corporate facility location. CU*Answers invited credit unions to spend a day with its AuditLink professionals as they discussed the hot topics surrounding the world of auditing, risk mitigation, and compliance.

The day’s events were kicked off with AuditLink’s Jim Vilker reviewing recent regulatory updates including cyber security and vendor management. Special guest Steve Van Beek of Howard & Howard Attorneys PLLC was on hand to talk about the risks associated with overdraft protection programs.

Special guest Charles McQueen of McQueen Financial kicked off the afternoon with a discussion on profitability in a low interest rate environment as well as navigating mergers. Lastly, Marsha Sapino covered recent enhancements in CU*BASE® that affect the auditing world.

AuditLink Prepares for 2nd Annual Compliance Symposium

Jim Vilker, NCCO

AuditLink, the audit and compliance division of the West Michigan-based CUSO CU*Answers, has announced the date of their 2nd annual Conversations on Compliance event. “We had a really great turnout last year so we have decided to make it an annual event,” said Marsha Sapino, AuditLink Associate.

Sapino continued, “Our lineup will consist of Jim Vilker, VP of Professional Services, and myself, as well as two guest speakers: Charles McQueen from McQueen Financial Services and Steven Van Beek from Howard & Howard Attorneys PLLC.”

The date of this free event is May 24, 2016 at the CU*Answers facility in Grand Rapids, Michigan. The agenda and registration link can be found on the CU*Answers website.

FinCEN Cybersecurity Recommendation

Marsha Sapino AAP

At a Cybersecurity forum in New York on December 10, 2015, FinCEN Director Jennifer Shasky Calvery said that Financial Institutions should include IP addresses and other cyber-derived information in the SARs that they file.

Shasky Calvery states: “This information is incredibly important to the FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”

For CU*BASE GOLD clients, this data can be obtained by going to MNQURY #17.

AuditLink Services Rapidly Expanding

Jim Vilker, NCCO

CU*Answers Managed Services, a subsidiary of CU*Answers, recently announced that its AuditLink service to credit unions continues to grow and is now providing a full suite internal audit review, monitoring and reporting services to dozens of credit unions utilizing the CU*BASE® member processing system. AuditLink is a credit union’s execution arm for tackling auditing and compliance related requirements.

AuditLink stated its suite of services is designed to reduce the added work imposed by seemingly endless regulations and compliance issues challenging credit unions today. Future forecasts continue to indicate an even greater focus upon these areas, with stringent rules and penalties for violators. This has placed an even greater criteria of internal accountability being required to assure these regulatory requirements are being met. In addition to an initial credit union meeting for helping determine the status and level of service desired, AuditLink’s dedicated team provides each credit union with an executive summary stating the on-going auditing activities performed and their outcomes. Written recommendations are designed to improve internal credit union processes, on-going procedures and staff training.

In addition to its consultative services, AuditLink also provides daily auditing monitoring and reporting services and prices charged for its service represents a tiny fraction of what is traditionally seen in the credit union industry. Most clients for which it performs services have saved many thousands of dollars as compared to alternative providers, updating internal credit union procedures performed and or performing daily monitoring/ reporting management services.