AuditLink Advisor – February 2009

Of the 31 identified potential Red Flags, tools native to CU*BASE GOLD can control the event or monitor activity in at least 50% of them. Those not covered by the software, require well defined internal procedures which have little to do with the use of CU*BASE but can be tracked through its tracking system. During the recent AuditLink focus group held on February 20th the AuditLink team reviewed many of these components of CU*BASE but I would like to more fully describe them to assist you in developing internal procedures.

CU*BASE Spring Release

Coming this spring, CU*Answers will introduce a full integration of the Experian AS Level 1 product into account opening and update processes. As you are aware this integration was put in place as a method of performing Red Flag due diligence during these processes. The specific Red Flag relates to the use of an external source for member verification and identification of potential fraudulent activity. With that said, listed below are the Red Flags that directly pertain to the AS Level 1 verification during the account opening process.

  • Address discrepancy by CRA (also on CB report)
  • Fraud or active duty alert (also on CB report)
  • Personal information is associated with known fraudulent activity
  • Personal information is inconsistent when compared to external sources
  • Personal information provided is inconsistent including phone, SSN, address, drivers license, DOB
  • Address is fictitious, a mail drop, or prison

The Advisor Suggests…

Even though the interface for AS 1 will be integrated into the CU*BASE platform, I encourage you to retain the internet access point through the “Network Links” button as well. There will be instances other than those related to updating or opening a new account when validation through AS 1 is recommended. One likely activity is for incoming wire transactions.

Establish procedures

Returned member statements while transactions are occurring is a red flag that warrants attention. To monitor for this on CU*BASE I suggest you run a report on mail Group 7 and review accounts to make sure there are no transactions being performed. You should have procedures in place to contact the member immediately and obtain an updated address.

Procedures should also address circumstances where you are unable to contact the member and establish escalation procedures including freezing of the account. These procedures should be reviewed with those staff members who are responsible for monitoring dormancy. Accounts with activity while the members account has been flagged with a wrong address flag deserve an even higher degree of scrutiny.

Credit unions should also review phone center and teller line procedures relative to completing transactions when this situation exists. Don’t forget to include the findings in a CU*BASE Audit tracker.

Anomalous use of account

Other areas of the Act relate to the “anomalous use of account” such as the account has not been used for a lengthy period of time and there is a sudden flurry of activity. Again, the system has the tools to assist you in monitoring for this type of activity which revolves around dormancy monitoring. First, determine the definition of “lengthy period of time”, then apply that decision to CU*BASE dormancy monitoring configuration. Inactivity will be tracked at that level. Train your staff on the fact that this is no longer just a dormancy issue or internal control procedure but is now an event regulated by FACTA. Use your tools. Remember to record these discoveries in an Audit Tracker.

Another “anomalous use of account” is the first payment default event. Your collections staff plays a key role in monitoring for this event. Make sure they understand the new ‘sort feature’ in CU*BASE for first payment date. Accounts with a first payment of 00/00/00 are based on a first payment default date. When they become delinquent, they must be reviewed not only for collection but for potential fraudulent activity. Train your collections staff to escalate events of this nature and be diligent in creating and keeping tracker records up to date for all member contacts.

The final “anomalous use of account” occurs when a member who has judiciously used credit in the past, suddenly uses the majority of their available credit on credit cards. In this case, investigation is required to determine if the use of the card is legitimate, or if fraud is evident. If you have CU*BASE on-line credit cards, the financial data is available through the custom report writer. If not you will need to contact your vendor to develop this report through them.

Coming Features

One of the central requirements outlined in FACTA revolves around address and vital information changes. State chartered, Federally insured credit unions were not given a reprieve on this part of the regulation, although other factors were delayed. To meet the desired results of this flag we are working on a new, automated feature of the CU*BASE system. This new feature will track the number of days between vital information changes. Each time a change is made a warning will alert your staff and automatically notify the member when address, phone number, or
e-mail address has been changed within the configured risk period. The warning message is displayed on the teller line, inquiry, phone operator, and card ordering systems.

Below is a list of the “Other Red Flags” (as defined in the regulation) and tools CU*BASE provides as a solution.

  • An employee has downloaded an unusually large amount of customer data.
    This project is currently in CU*BASE development, soon to become a report which generates daily.
  • The address, SSN, and home or cell phone number provided is the same as that submitted by other persons opening an account or other customers.
    This was requested by a client and is currently being reviewed for possible development.

Your Red Flags Tool Box

  • The financial institution or creditor detects attempts to access a customer’s account by unauthorized persons.
    To detect if this is occurring on your member accounts go to MNAUDT option 6. This report shows accounts disabled in home banking and the last successful log-in. Investigate these incidents carefully to assure they are valid indicators of a violation rather than typing mistakes by the member.
  • A consumer report indicates a pattern of activity that is inconsistent with the history and usual pattern of activity of an applicant or customer, such as:
    • A recent and significant increase in the volume of inquiries.
      Tool: Included on credit report.
    • An unusual number of recently established credit relationships.
      Tool: Included on credit report.
    • A material change in the use of credit, especially with respect to recently established credit relationships.
      Tool: Included on credit report.
    • An account was closed for cause or identified for abuse of account privileges by a financial institution or creditor.
      Tool: Included on credit report. Some credit unions also pull a Chex systems Report for this purpose.

Internal Procedures should address these

  • Documents provided for identification appear to have been altered
  • The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification
  • Other information on the identification is not consistent with information that is on file, such as a signature card.
  • The address on an application is the same as the address provided on a fraudulent application.
  • The phone number on an application is the same as the number provided on a fraudulent application.
  • The person opening the account or the customer fails to provide all required information on an application.
  • Personal information provided is not consistent with information that is on file.
  • The person opening the account or the customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report.
  • An account is used in a manner that is not consistent with established patterns of activity on the account. There is, for example:
    • Nonpayment when there is no history of late or missed payments.
    • A material increase in the use of available credit.
    • A material change in purchasing or spending patterns.
    • A material change in electronic fund transfer patterns in connection with a deposit account.
    • Notice from Customers or Others Regarding Customer Accounts
    • The financial institution or creditor is notified of unauthorized charges in connection with a customer’s account.
    • The financial institution or creditor is notified that it has opened a fraudulent account for a person engaged in identity theft.
    • The financial institution or creditor is notified that the customer is not receiving account statements
    • The financial institution or creditor is notified that its customer has provided information to someone fraudulently claiming to represent the financial institution or creditor or to a fraudulent Web site.
    • Electronic messages are returned to mail servers of the financial institution or creditor that it did not originally send. These indicate that customers may have been asked to provide information to a fraudulent Web site that looks similar, even identical, to the Web site of the financial institution or creditor.
    • The name of an employee of the financial institution or creditor has been added as an authorized user on an account.
    • The financial institution or creditor detects or is informed of unauthorized access to a customer’s personal information.
    • There are unusually frequent and large check orders in connection with a customer’s account.
    • The person opening an account or the customer is unable to lift a credit freeze placed on his or her consumer report.

In the next edition of AuditLink Advisor, Terri Ubanek will discuss some of the ways Community Credit Union has addressed Red Flag requirements relating to their new internal procedures.

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>