Seeking a CPI Vendor? Ask the Right Questions

Make sure members’ insurance data will be handled properly.

January 17, 2014
KEYWORDS data , diligence , insurance , loan , ncua
/ PRINT / ShareShare / Text Size +

When choosing a collateral protection insurance (CPI) vendor to protect your auto loan portfolio, part of your due diligence should be to confirm how members’ insurance information, in addition to their loan information, will be used and protected.

This is especially important if you’re considering a tracked CPI program, in which the vendor monitors whether collateralized loans have current insurance and, if not, places insurance coverage on the vehicles.

Due Diligence Resources

Some key resources regarding due diligence in working with third-party providers:

Credit unions have plenty of guidance available from regulators regarding due diligence in working with third parties that use member data (“Due diligence resources”).

For example, credit unions are directed to confirm that vendors have information and network security plans in place, as well as a disaster recovery plan should an emergency interrupt their data processing operations.

Due diligence should also require third parties to provide recent results from a qualified accounting firm’s examination of the company’s internal controls or systems. But don’t just file away an audit report provided by a CPI vendor and check that off your due diligence list.

Current and relevant audit results

CPI vendors should provide a qualified accounting firm’s Statement on Standards for Attestation Engagements No. 16 (SSAE 16), which replaced the Statement on Auditing Standards No. 70 (SAS 70) for reports covering periods ending on or after June 15, 2011.

Ask potential tracked CPI program vendors for the SSAE 16 report called “SOC 1,” which addresses a service organization’s process controls. It should cover the controls that specifically affect your credit union’s loan information and the members’ insurance information.

Some companies that offer auto loan CPI services also provide a variety of other products and services, and the SSAE 16 may be specific to something other than the service the company would provide for your credit union.

Also, if the CPI vendor is outsourcing any critical functions to additional third parties, you need to request a current SSAE 16 from these additional companies.

Again, these reports must pertain to the specific services these companies would be providing to your CPI vendor on behalf of your credit union.

When you review the audit reports for tracked CPI programs, look for these controls regarding your program and your members’ insurance information:

  • Premiums are processed in accordance with the terms of the policy;
  • Premiums are accurately billed and collected;
  • Borrower insurance documents and client loan files are processed accurately and promptly;
  • Lender-placed coverage is cancelled promptly when the vendor receives proof of insurance, and any refunds due are processed accurately;
  • Claims are processed in accordance with the terms of the policy; and
  • Claims are paid accurately and promptly.

Data security and process controls certainly aren’t everything you need to know about a tracked CPI program vendor and subcontractors who have access to your members’ data. But it’s important not to overlook them, and to ask the right questions.

JAY MORGAN is director of collateral protection product management for CUNA Mutual Group. Contact him at 800-356-2644, ext. 6657721.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive