Credit unions can expect to face three major regulatory compliance issues this year, says Sai Huda, vice president/general manager for compliance solutions at FIS: safety and soundness, fair lending, and Unfair Deceptive Abusive Acts and Practices (UDAAP).
Safety and soundness refers to a renewed focus by NCUA and state regulatory agencies on management and board competency, Huda says. “The number of problem credit unions is rising. By the end of 2010, 359 credit unions had CAMEL [capital adequacy, asset quality, management, earnings, and asset/liability management] ratings of 4 or 5, and a larger number was expected by the end of 2011.”
At that time, another 1,791 federally insured credit unions had CAMEL ratings of 3, “meaning they had problems that could place their operations in eventual danger.
“The Office of Inspector General has said NCUA... didn’t do enough to force some credit unions to take corrective measures,” Huda continues. “One effect of NCUA’s new scrutiny has been that if a credit union enters a new business line and has no solid risk management plan for the new venture, NCUA will no longer give the institution a CAMEL 1 or 2 rating.”
As a result, Huda says credit unions must improve their performance. “NCUA Regulation 701.4 requires boards to get enhanced training. They need to understand asset/liability management, economic influences on members and the financial industry, and risk management.”
The emphasis on fair lending is a spillover from the Dodd-Frank Wall Street Reform and Consumer Protection Act, regulators’ scrutiny of big banks’ anticonsumer practices, and the creation of the Consumer Financial Protection Bureau. As a result, NCUA’s Office of Consumer Protection is looking at fair lending in greater detail.
Huda says financial institutions can run afoul of fair lending regulations by:
UDAPP aims to provide transparency for consumers. “UDAAP makes sure that ads aren’t bait-and-switch,” Huda says, “and that there are no unfair, deceptive, or abusive sales or service conditions. Financial institutions are under pressure to grow and show returns, which may increase the temptation to engage in questionable practices. Credit unions must make sure their fee structures and payment procedures are clear so members understand what they’ll pay and there are no practices that may be considered problematic.”
FIS, which has worked with thousands of financial institutions as well as regulators, provides clients with software and education to get staff and directors up to speed.
“We offer online or in-person educational sessions with credit union boards,” Huda says. “We teach them what regulatory red flags to look for, questions to ask, and issues to focus on. Credit unions often ask us to review their product compliance and regulatory compliance programs. We benchmark them against successful, well-managed programs so they can see how other credit unions manage this responsibility.”
Next: Managing the reg burden
Managing the reg burden
A growing issue for credit unions is simply keeping up with all of the compliance changes and additions, particularly in the consumer protection arena, says Jami Weems, senior compliance officer at PolicyWorks.
“Credit union people are busy managing day-to-day operations,” she says. “They don’t have the time to track, interpret, and implement every rule and regulation.”
That’s where outside assistance with complex compliance issues comes in handy.
“We’ve been tracking compliance changes for years, which means we can pretty much offer any level of assistance to credit unions,” says Weems. “Some credit unions come to us strictly for disclosure reviews, while others may ask us to review their Truth in Lending and Reg E compliance—and still others may ask us for a full-scale lending and deposit audit.
“The latter gives us a baseline for a credit union’s compliance and helps us see its strengths and weaknesses,” she continues. “Sometimes a client is surprised by what we tell them because nobody had mentioned they weren’t doing something properly.”
PolicyWorks, which specializes in federal compliance issues, works exclusively with credit unions.
Weems says new compliance challenges are coming. “A main function of the new Consumer Financial Protection Bureau is consumer complaints, so it’s now easier for consumers to lodge complaints against financial institutions.
“When a credit union has a complaint lodged against it, it will call us for guidance on how to respond,” she says. “We’ll advise the institution on evidence it should gather in its favor, such as an account agreement that clearly states the rights and responsibilities of both the credit union and the member.”
Some new rules are basic and easy to interpret and implement, she says. “But others could be hundreds of pages long and take many staff hours to go through to make sure we understand the new law.”
Even then, regulators can seem almost capricious. “Rules can change suddenly and you may have only 30 days to come into compliance,” Weems says.
“Credit unions should prepare for amendments using the proposed rule so they understand the impact and what may need to be changed. However, they shouldn’t actually make the operational changes until they see the final rule. The final rule may have elements they had not expected.”
ACH and Wire Transfers Draw Regulator Scrutiny
Supplemental government guidelines on Internet banking are creating additional requirements regarding automated clearinghouse (ACH) and wire transfers, and how financial institutions protect consumers.
“ACH is a point of increasing scrutiny because it’s the step before money goes out and the place where you can stanch money outflow,” says Dr. Charles Robertson, an analyst and researcher at Verafin, a CUNA Strategic Services alliance provider.
“This means an increased emphasis on layered security, including strong passwords, authentication, and back-end transaction monitoring,” he says.
The Federal Financial Institutions Examination Council’s supplement to its “Authentication in an Internet Banking Environment” guidance provides “supervisory expectations” that financial institutions implement a “system of layered security.”
These expectations include, but aren’t limited to, conducting risk assessments at least every 12 months, customer authentication for high-risk transactions, and layered security programs.
Regardless of any new threat facing credit unions, one criminal element hasn’t changed: motivation.
“Criminals go to the weakest link,” Robertson says. “Their goal is to get as much money as possible as quickly as possible.”
Verafin’s compliance system provides back-end transactional analysis, where one determinant is whether a member’s activity is in line with past activity.
“Based on its built-in analytics, our system recognizes the overlap between fraud and money laundering,” says Robertson.
“So separate alerts are brought together across a unified dashboard, linking all activities,” he continues. “The speed of detection depends on the credit union core system’s speed and frequency.”
CUNA Strategic Services alliance providers: