NCUA Report; FinCEN SAR Activity Review

Written by Bernadette Clair, Regulatory Compliance Counsel

The May issue of the NCUA Report is now available. This issue includes the following:

• Office of Examination and Insurance Report: Demystifying Capital Requirements for Credit Unions – Part 2

• Chairman’s Corner: Secure Liquidity Sources While the Sun is Shining

• Board Actions: Share Insurance And Stabilization Funds Remain on Sound Footing

• Board Perspective: Everyone Comes Out a Winner

• Electronic Banking Threats and Security

• Mobile Banking Offers Credit Unions New Ways to Attract Members, Offer Value

• Deadline for Consulting Service Nominations is May 31

• FFIEC Appraisal Complaint Hotline Opens

• NCUA Discontinues Mailing Regulatory Letters to Credit Unions; Will Send by Email Instead

There are a few good reads in this issue, and we’ll take a closer look at Electronic Banking Threats and Security tomorrow.

****

FinCEN SAR Activity Review.  FinCEN has released its 23^rd Issue of the SAR Activity Review – Trends, Tips & Issues, as well as the 18^th Issue of the SAR Activity Review – By the Numbers. These two reports are an excellent source of information on the latest trends and numbers in suspicious activity reporting.

The Buck Stops Here: Improving U.S. Anti-Money Laundering Practices

Written by Bernadette Clair, Regulatory Compliance Counsel

Last week, U.S. Senators Dianne Feinstein (D-Calif.) and Chuck Grassley (R-Iowa), co-chairs of the Senate Caucus on International Narcotics Control, released a report on strengthening anti-money laundering (AML) practices in the U.S. The report, entitled The Buck Stops Here: Improving U.S. Anti-Money Laundering Practices, is intended to “outline the scope of the problem, describe the U.S. anti-money laundering framework and its main gaps and propose solutions for how we can best strengthen our anti-money laundering laws.”

A press release on the report highlights several recommendations:

• Stronger enforcement of anti-money laundering laws by the Justice Department, particularly in cases where banks are accused of improperly monitoring billions of dollars in illicit proceeds;

• Making pre-paid cards (known as stored value) subject to cross-border reporting requirements;

• Closing a loophole that makes armored cash carriers exempt from reporting requirements;

• Passage of the Incorporation Transparency and Law Enforcement Assistance Act to make it more difficult for criminal organizations to hide behind shell companies;

• Passage of the Combating Money Laundering, Terrorist Financing and Counterfeiting Act to close gaps in anti-money laundering laws; and

• Enforcement of the 2007 National Money Laundering Strategy, including the requirement that all money service businesses register with the Treasury Department’s Financial Crimes Enforcement Network.

In addition to pushing for additional action on the legislative and regulatory fronts, the report urges stronger enforcement of current laws by the Department of Justice, so that penalties for noncompliance with BSA requirements will not be viewed simply as a cost of doing business.  From the report:

"STRONGER DEPARTMENT OF JUSTICE ENFORCEMENT

 1. Finding: On December 11, 2012, HSBC, one of the largest banking and financial services institutions in the world, agreed to pay a $1.92 billion settlement to federal and state authorities for charges that they failed to maintain an effective anti-money laundering program. U.S. authorities charged that HSBC had allowed over $200 trillion in wire transfers to enter the United States unmonitored, including $670 billion in wire transfers from Mexico and at least $881 million laundered by Mexican and Columbian drug traffickers. In addition, over $9.4 billion in physical money entered the United States from Mexico unmonitored. Similarly, in 2010, Wachovia agreed to pay $160 million to settle charges that its weak anti-money laundering compliance program enabled more than $373 billion to enter the bank unmonitored as required by law, $110 million of which was shown to be  Mexican drug money.1 In both cases, no individuals were criminally prosecuted by the Department of Justice.

Recommendation: The Caucus calls on the Department of Justice to fully enforce existing criminal sanctions against both the financial institutions and the individuals knowingly and intentionally responsible for the criminal activity more forcefully in major money laundering cases involving foreign and domestic financial institutions. Without serious consequences for those who break the law, financial institutions will continue to avoid compliance with U.S. anti-money laundering rules and regulations. Strong enforcement of federal law against financial institutions and employees who knowingly and  intentionally engage in money laundering activities will ensure that the risk of working with criminals is far greater than the illicit profits those criminal activities produce. Without tough and appropriate penalties, sanctions will simply remain the cost of doing business for financial institutions." (emphasis added)

The report makes for an interesting read and can be found here.

NCUA Report: Beware of Three Emerging BSA Risks

Written by Bernadette Clair, Regulatory Compliance Counsel

The April issue of the NCUA Report is now available. This issue includes the following:

• Office of Examination and Insurance Report: Demystifying Capital Requirements for Credit Unions

• Chairman’s Corner: Wearing a Different Hat

• Board Actions: Streamlined Fixed Assets Rule Proposed

• Board Perspective: Derivative Investment

• Economic Scenarios to Prepare for in 2013

• Q&A with the Director of the Office of Consumer Protection

• Beware of Three Emerging BSA Risks

• The User Experience Guides Mycreditunion.gov and Pocket Cents Redesign

• Register Now for NCUA’s CEO Boot Camps

• Take a Trip to Financial Stability with NCUA’s New Personal Finance Game

I want to highlight one of the articles –Region III’s Report Beware of Three Emerging BSA Risks. This article discusses three services increasingly offered by credit unions that can significantly increase BSA risk – money services businesses accounts, reloadable prepaid cards and remote deposit capture.  For example, the article has this to say about the BSA risk related to remote deposit capture (RDC):

“A rapidly growing electronic service that credit unions are offering to business account members (and some individual account holders) is RDC service. RDC is an automated deposit transaction delivery system enabling members to scan items—typically checks—from remote locations and electronically transmit the electronic images or captured digital data to credit unions for posting and clearing. While only 503 federally insured credit unions currently offer RDC service, this figure represents a 42.5 percent increase from the end of 2011.

The potential use of this service as a way to launder money is a risk associated with RDC. In particular, inadequate internal controls necessary to manage the anti-money laundering risk posed by RDC activity and insufficient automated transaction monitoring systems are two common deficiencies identified in recent FinCEN enforcement actions.

Before offering RDC to members, credit union management must assess all of the risks associated with the service, including BSA compliance, and develop and implement policies and procedures to mitigate those risks. Credit unions should ensure that their transaction monitoring systems adequately capture, monitor and report suspicious activities occurring through remote deposit capture.”

The article also serves as a reminder to credit unions that BSA risk should be one of the areas addressed during the development of new products and services.  From the conclusion of the article:

“In Region III, we have noticed that while management often addresses the financial, operational and legal risks in servicing new categories of members and offering new products and services, they may forget to include addressing BSA risks. When developing a new program or service, we recommend including the BSA Compliance Officer at the outset. This will prevent a lot of headaches when examiners come.”  (my emphasis)

 Takeaway: save yourself a headache and make sure evaluating BSA risk is incorporated into your credit union’s product and service development process if it isn’t already!

BSA Deficiencies Result in $10 Million Civil Money Penalty; April 2013 BSA Blast and Best of Staff Quiz #2

Written by Shari R. Pogach, Regulatory Paralegal

I simply love it when banks provide me with material when it comes time to write the BSA Blast.  In NAFCU’s April 2013 BSA Blast we have the example of TCF National Bank (TCF) in Sioux Falls, South Dakota being so off the mark with their BSA compliance practices they were slapped with a $10 million civil money penalty.  A review of account and transaction activity from November 2008 through July 2010 resulted in TCF’s late filing of 2,357 Suspicious Activity Reports (SARs) describing suspicious activity with transactions of $70 million.  TCF’s Board and management were ordered to take specific action and revamp the bank’s BSA compliance program. 

The April 2013 issue of the BSA Blast is now available for NAFCU members.  In addition to TCF’s BSA compliance deficiencies we highlight FinCEN’s list of prohibited words when completing the electronic Suspicious Activity Reports (FinCEN SARs) and Currency Transaction Reports (FinCEN CTRs). 

We’ve also made a change to the BSA Blast format with this latest issue.  It’s called the BSA Beat where we cover BSA news of note. 

And, of course, the second of the “Best of NAFCU’s BSA Blast Quizzes” is part of this issue.  These updated 25 questions with the associated answer key should make a useful training tool for both new and experienced credit union staffers.

For those of you who have taken the quizzes, I often wonder if you’ve caught on to the rather unusual sounding names that are featured in the questions.  If they sound familiar, that’s because they are:  I love movies and make references to them in my questions.  And, I try not to use the lead character names so as not to make it obvious.  Just a little trivia extra, I hope you enjoy!

Note:   If your credit union is a NAFCU-member and you'd like to receive an email update when the BSA Blast is available each quarter, just send us an email.

A Final Farewell to the Legacy Forms; eCFR Updated to Reflect ATM Disclosure Amendments; Happy Weekend from the Twins

Written By JiJi Bahhur, Regulatory Compliance Counsel

With April 1 approaching, I thought today would be a good time to remind you all that after March 31, 2013, the legacy reports can no longer be used for filing SARs and CTRs.  Starting April 1, 2013, the new SAR and CTR forms must replace the legacy forms if you have not already said your goodbyes to those forms. 

For more information, check out FinCEN’s guidance on this matter and past blog posts written by NAFCU’s Compliance Team (here, here, and here). 

***

In last Friday’s blog post, Steve mentioned that the CFPB issued a final rule requiring the removal of the Regulation E requirement to place ATM fee disclosure language “on the machine.” He also mentioned that the final rule would be effective immediately upon publication in the Federal Register.  Well, as of March 26, 2013, the final rule has been published in the Federal Register.  And on a grander note, the language has already been removed from the Electronic Code of Federal Regulations, thus making everything consistent. 

    “§ 1005.16   Disclosures at automated teller machines.

     (a) Definition. “Automated teller machine operator” means any person that operates an automated teller machine at which a consumer initiates an electronic fund transfer or a balance inquiry and that does not hold the account to or from which the transfer is made, or about which an inquiry is made.

    (b) General. An automated teller machine operator that imposes a fee on a consumer for initiating an electronic fund transfer or a balance inquiry must provide a notice that a fee will be imposed for providing electronic fund transfer services or a balance inquiry that discloses the amount of the fee.

    (c) Notice requirement. An automated teller machine operator must provide the notice required by paragraph (b) of this section either by showing it on the screen of the automated teller machine or by providing it on paper, before the consumer is committed to paying a fee.

    (d) Imposition of fee. An automated teller machine operator may impose a fee on a consumer for initiating an electronic fund transfer or a balance inquiry only if:

     (1) The consumer is provided the notice required under paragraph (c) of this section, and

     (2) The consumer elects to continue the transaction or inquiry after receiving such notice.”

Now when credit unions research Regulation E, the regulation matches the underlying law! Imagine that!

***

The twins and I intend to just relax this weekend.  We hope you can do the same!

Vendor Risk Management - Compliance Considerations

Written by Steve Van Beek

Back in May 2012, the Philadelphia Federal Reserve's Consumer Compliance Outlook webinar series discussed Vendor Risk Management - Compliance Considerations (the slides are available here). The Fourth Quarter 2012 Consumer Compliance Outlook publication included an article that provides highlights of the main themes. As you can see from the headings and subheadings, this article is a must read:

Vendor Risk Management - Compliance Considerations

QUESTIONS ABOUT THIRD PARTIES

What Are Common Types of Third-Party Relationships?

What Are the Risks of Using Vendors?

PRACTICES THAT INCREASE THE RISK OF VIOLATIONS

• Overreliance on third-party vendors.
• Failure to train new staff or retain knowledgeable staff.
• Failure to adequately monitor the vendor.
• Failure to set clear expectations.

EXAMPLES OF VENDOR RISK MANAGEMENT COMPLIANCE ISSUES

Flood Insurance Monitoring

Loan Modifications

Credit Card Administration

Disclosure Software

Revenue Enhancements

BEST PRACTICES

• Due diligence.
• Risk assessment.
• Clear contractual expectations.
• Comprehensive monitoring program.
• Board oversight.

CONCLUSION

Vendors provide value in the expertise and experience they offer; however, financial institutions must still maintain active oversight. It is important to remember that when a vendor performs a service or function, the institution bears ultimate responsibility for compliance. Because varying levels of risk remain with the institution that offers the product or service, a strong vendor risk management program is key to maintaining compliance and avoiding claims of improper treatment of bank customers. With good vendor management, banks can minimize the risk of less direct oversight or control and maximize the benefits gained through a well-managed vendor relationship. Specific issues about vendor risk management should be raised with your primary regulator.

Again, I recommend reviewing the full article and passing it along to your colleagues.

***

I also wanted to highlight the subsection on board oversight - which states:

"Board oversight. Keeping the board of directors properly informed about the vendor management program is key to ensuring that they can provide proper oversight and that the bank’s management process addresses the risks inherent in third-party relationships. The board should review the vendor management policy, due diligence reports, risk assessments, and monitoring results."

Board of Directors & Risk Management. Risk management and the role of the credit union's board of directors will be the focus of my colleague Anthony Demangone's presentation at NAFCU's upcoming Board of Directors and Supervisory Committee Conference.

Additionally, I'll be presenting on How the CFPB Impacts Your Credit Union and will include a discussion of the CFPB's latest actions related to "unfair, deceptive or abusive acts or practices" (UDAAP) - including how the actions of third-parties resulted in liability for the financial institutions. If your board is considering attending, sign up by Friday, March 29th to Save $100.

***

NAFCU's Online Training Program also includes 14 courses for credit union boards - including one on Risk Management.  

The Extra 30 Minutes & Director Education

Written by Steve Van Beek

On Friday I blogged about the Importance of Informed, Decisive and Strategic Board Members.  Over the weekend, I read another article that highlighted this issue and included a great tip.  The article was from NCUA Board Member Michael Fryzel and states:

"Recently, when visiting a credit union, I heard an excellent idea on helping board members better understand the many aspects of the financial services world. I call the idea "the extra 30."

Each month, prior to their board meeting, directors arrive at the credit union 30 minutes early. Those extra 30 minutes are then spent listening, asking questions and learning about one specific topic that will help them do their jobs better.

The range of subjects covered during the extra 30 minutes can be anything from the value of passbook accounts to asset liability management. It can even be a discussion on an NCUA regulation or the benefits of derivatives.

The extra 30 sessions should be concise, plain English presentations that provide solid information on a particular subject. The session should leave the participants knowing a little more than they knew before and eager for what is to come at the next session."

Of course, when I'm reading the section above I'm thinking about ways credit unions can use NAFCU's Online Training Program which includes 14 unique modules for boards. The majority of the modules are between 25 and 35 minutes in length - a great way to train during "the extra 30 minutes."

Board Member Fryzel continues:

"Director education is one of the most important functions of a credit union. The people entrusted with fiduciary responsibility need to know what their credit union is doing and what they are voting to approve when making decisions. Credit unions must continue to provide directors with the opportunity to understand and become familiar with the many aspects of our ever changing financial world. The first step in achieving that goal is to make education easy, available and understandable.

What better way to begin than with just an extra 30?"

Again - this builds on Friday's blog post on the Importance of Informed, Decisive and Strategic Board Members.  

***

Modules from NAFCU's Online Training Program. Below is a listing of the 14 board modules in NAFCU's Online Training Program:

1. The Nature, Foundation and Organization of Federal Credit Unions (33 minutes)
2. The Role of the Federal Credit Union's Board (34 minutes)
3. The Role of the Supervisory Committee (33 minutes)
4. Ethics and Fiduciary Duties (26 minutes)
5. The Regulation of Federal Credit Unions (23 minutes)
6. The Examination of Federal Credit Unions (38 minutes)
7. Risk Management (36 minutes)
8. Privacy, Security & Identity Theft (19 minutes)
9. The Bank Secrecy Act, Money Laundering and Financial Crime (44 minutes)
10. Asset Liability Training (35 minutes)
11. Discrimination Issues for Credit Unions (32 minutes)
12. On-Demand Webcast:  Essential Financial Literacy Education (60 minutes)
13. On-Demand Webcast:  Corporate Governance and Board Fiduciary Duties (90 minutes)
14. On-Demand Webcast:  BSA & OFAC Compliance for Directors and Supervisory Committee Members (75 minutes)

I see numerous opportunities to get your extra 30!  You can get a sneak peek at the Online Training Program here.

The Importance of Informed, Decisive and Strategic Board Members

Written by Steve Van Beek

Yesterday, we blogged on the latest The Federal Credit Union magazine - including an article on The Vital Life of the CU Director.

Well, that article isn't the only one focusing on the role of the credit union's board of directors.  The NCUA Report has included detailed articles in both the January and February issues.

The January issue had an article from Region V titled Strong Board Leadership is Essential for Successful Credit Unions.  The article includes this summary:

"We found the most successful directors display three overarching and essential characteristics.

• They have a clear understanding of their role.
• They are engaged in critical decisions.
• They have a strategic mindset."

You can find the full article here.

The February issue includes an article from NCUA Chairman Debbie Matz titled Volunteer Directors Play Critical Role in Safety & Soundness (continued on page 6).

The article focuses on the board's duties to oversee the direction of the credit union as well as their risk management duties - including:

• Interest Rate Risk
• Third-Party Risk - including

1. Credit Risk; and
2. Reputation Risk

• Aging Membership

The article ties risk management back into overall safety and soundness.  

Read together - these articles provide a compelling case for informed, decisive and strategic credit unions boards.

***

With the above in mind, I wanted to share two NAFCU resources to help ensure your credit union's board is informed, decisive and strategic.  

NAFCU's Board of Directors & Supervisory Committee Conference.  NAFCU's 32nd Board of Directors Conference will be held May 15 - 17 in beautiful Asheville, North Carolina.  You can view the conference agenda here, which includes the following:

• Bank Secrecy Act and Risk Management with NAFCU's Anthony Demangone

• Fiduciary Duties and Ethics: The Top 10 Things Credit Union Directors Need to Know with NAFCU's Carrie Hunt

• Strategic Succession Planning

• How the CFPB Impacts Your Credit Union with Yours Truly

• Regulatory Update with NAFCU's Carrie Hunt

And, much more - including the opportunity to earn Bank Secrecy Act and Financial Literacy training certificates.  You can find additional information here (including the full conference brochure).

Sign up by March 22nd to get the early-bird rate!

***

NAFCU's Online Training Program.  NAFCU also offers an affordable online training program for credit unions.  The program includes 14 modules for board members - including two on the Bank Secrecy Act and one on Financial Literacy (training certificates are available for board members who view those modules).  You can find FAQs here and pricing information here.  If you have any questions - just shoot me an email and I'll help in any way I can.     

***

Be sure to pass the articles and the training opportunities along to your management and board.  And, remember that all of NAFCU's educational events - including our Board of Directors conference and Online Training Program - are open to all credit unions regardless of NAFCU membership.

***

Have a great weekend!  

NAFCU's Regulatory Compliance School Just Got Better - Regulatory Update Day

Written by Steve Van Beek

We've heard you!  For the past couple of years, we've received the following feedback about NAFCU's Regulatory Compliance School (paraphrased, of course):

"School is great and provided a solid foundation for understanding the regulatory requirements credit unions face on a daily basis.  BUT, the rules are changing so fast that it would be great to receive updates on what has just changed and what is changing next."

With this in mind, we've created Regulatory Update Day at NAFCU's 2013 Regulatory Compliance School (March 18-23 in National Harbor, Maryland).  

Regulatory Update Day (Thursday, March 21st) will provide:

• A clear understanding of what changes NCUA has in store for 2013 – including their Exam Focus

• An overview of the scope and applicability of the CFPB’s seven new mortgage regulations*

• A detailed look at the CFPB’s Qualified Mortgage/Ability-to-Repay requirements*

• Answers to Frequently Asked Questions on the mortgage rules from NAFCU’s compliance team*

• Insight from credit union attorneys and practitioners on how best to set up your implementation strategy

You can find more information on Regulatory Update Day here.  The three sessions with the "*" are sessions that are also part of NAFCU's Mortgage Reform Webcast Series.

The other 4 days of Compliance School will remain the same as will the opportunity to take the NAFCU Certified Compliance Officer (NCCO) exams.  Good luck!  

***

And, all attendees at NAFCU's 2013 Regulatory Compliance School will receive NAFCU's 2013 GPS (coming soon!) as well as NAFCU's Scope & Applicability Charts.

Remember:  You do not need to be a NAFCU member credit union to attend NAFCU's conferences or webcasts.  In fact, you don't even need to work at a credit union.  Each School usually features a handful of consultants, vendors and other credit union "peeps" who support credit unions - in one way or another - on a daily basis.      

***

FBI Bank Robbery Website; January 2013 BSA Blast & Best of Staff Quiz

Written by Steve Van Beek

Below is a short article from NAFCU's January 2013 BSA Blast: 

New Resource Tool Launched: FBI Nationwide Wanted Bank Robbers Website

According to the last full year of the Federal Bureau of Investigation (FBI) bank crime statistics, bank robbers last year walked away from federally insured banks, credit unions, savings and loan associations and armored trucks with more than $38 million in cash. To help with unsolved cases, the FBI launched a new Wanted Bank Robbers website in December. The first national system of its kind, the site spotlights a gallery of unknown suspects and includes a map function that plots robbery locations. Users can search the site by name, location or other factors. Searches result in a “Wanted by the FBI” poster with more images, a suspect’s full description and a brief narrative of the crime.

Jason DiJoseph, who runs the FBI’s bank robbery program at its headquarters, says the website “is an operational tool that will help law enforcement identify and prosecute bank robbers more quickly with the public’s help.” Users of the site can filter searches of serial and non-serial bank robbers. Bank crime statistics bear out the bureau’s emphasis on violent cases. Demand notes are robbers’ most frequently used tools (2,958 times in 2011), followed by firearms (1,242 times) and the mere threat of weapons (2,331 times) or explosive devices (154 times). Even in cases where weapons were not used, the FBI says the risk of violence increases each time a serial robber strikes.

The new website will include the most pressing bank robbery cases from the FBI’s 56 field offices. New features and more suspects will be added in the coming weeks and months, thus creating a fuller picture of the nation’s most-wanted bank robbers.

- Shari R. Pogach Regulatory Paralegal

***

BSA Blast.  The full issue of NAFCU's January 2013 BSA Blast is now available for NAFCU members.  This issue includes:

• Examples of Banks Receiving Large Fines for Noncompliance with BSA/OFAC (HSBC Bank, Standard Chartered Bank, and First Bank of Delaware);
• A Detailed Review of FinCEN's Roundtables on their Customer Due Diligence ANPR; and
• The FBI's Bank Robbery Website (full article above)

Additionally, the BSA Blast includes a calendar of recent BSA news and BSA-related Questions & Answers.  Take a look today!

Note:  If your credit union is a NAFCU-member and you'd like to receive an email update when the BSA Blast is available each quarter, just send us an email.

Best of BSA Blast Staff Quizzes.  Each BSA Blast includes a 10 question staff quiz attached.  Over the years, we've had 20 staff quizzes with 200 questions.  We've reviewed the past questions and answers and have been putting together a "Best of BSA Blast Staff Quizzes" series.  The first edition is now available to NAFCU members - it is attached to the January 2013 BSA Blast and also available directly here (NAFCU log-in required).  Each "Best of" staff quiz includes 25 questions along with a detailed answer key.    

***

Programming Note:  NAFCU's offices will be closing early today and will also be closed on Monday in observation of Inauguration Day and the Federal holiday.  We'll be back blogging on Tuesday.  Have a great weekend!