• Articles
    • About Us
    • Contributors
    • Contact Us
    • Links
Category: Industry Issues

Industry Issues

A Fresh Start

By Erin OHern February 2, 2012

With new regulations coming from federal agencies on almost a daily basis it is easy to forget that broad reviews of all existing regulations are conducted regularly. The NCUA recently posted a list of regulations that it plans to review in 2012.  The NCUA reviews all of its existing regulations every three years. This year it has identified one-third of the regulations for review and we are starting at the beginning. NCUA Rules and Regulations 700 through 710 are up for review and public comment.

  / READ MORE
Industry Issues

Does the new remittance rule apply to my CU?

By Andrea Stritzke January 31, 2012

When the new final remittance rule was released by the CFPB, many of you probably assumed it didn’t apply to your credit union because you don’t do traditional remittance transfers. Well, if you do international wire transfers or international ACH transactions, it may apply to you.

  / READ MORE
Deposit Accounts, Industry Issues, Operations

Web Browsers and Compliance?

By Jami Weems January 26, 2012

If you are like me you have a significant number of favorites set up in your web browser to assist you with your ongoing compliance responsibilities.   Take for instance Regulation Z (Truth in Lending).  I have Title 12 Chapter II Part 226 from the electronic Code of Federal Regulations bookmarked (no, unfortunately I don’t have it memorized). 

  / READ MORE
Industry Issues

Internet Banking Risk Assessments

By Andrea Stritzke January 5, 2012

Guest Blog by Tony Schwarz, Director of Risk Management, Affiliates Management Company

Is your credit union fully compliant with the new FFIEC authentication guidance?  Your internet banking provider likely has a variety of security controls you can choose from to help protect your members’ accounts and transactions.  However, another aspect of compliance is the NCUA exam.  You will want to make sure you have an executed awareness program for your members and that you have performed a risk assessment based on the FFIEC guidance.  After completing your risk assessment your credit union should be clear on what additional changes you may need to make internally with your credit union procedures, and which security/authentication options to implement with your internet banking site.  The risk assessment will help you find the balance between too much security and not enough.

Building a  risk assessment can be done in several ways.  You may have incorporated the FFIEC analysis into your annual enterprise risk assessment process.  Or maybe you’ve built a new document using a framework like the NIST 800-30 from the National Institute of Standards and Technology for IT risk assessments.  If you are a smaller credit union or you just haven’t had the time to do it, you may need to outsource the risk assessment.   Hopefully you’ve not ignored it because you will find that the examiners are certainly looking for it.  The value of working through the process can help protect your members and also help highlight other changes that may be necessary in your internet banking security. 

In collaboration with PolicyWorks, I recently worked with a credit union that needed their internet banking risk assessment completed.  Our completed document included a variety of recommendations that helped the credit union finalize decisions and move towards a more secure internet banking site for their members.  Although our process may be more detailed, at a very high level your own risk assessment process may look something like this:

  • Select the risk assessment framework you will use (like NIST 800-30 found at http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf) and study the structure.
  • Gather the input information such as credit union policies, internet banking vendor documentation/options, decisions the credit union has made, documentation on processes performed by the credit union related to internet banking, specific information about which transactions (ACH, wires, bill pay) can be performed on the internet banking site, and what personally identifiable information is available on the site or on linked sites like bill pay.
  • Document the threats, vulnerabilities, risks (that are present due to those threats and vulnerabilities), the controls that are in place (like out-of-band-authentication), the residual risk, and what recommendations exist for control improvements to address the residual risk. 

In summary, credit unions should be ready to provide their internet banking risk assessment to NCUA as they will likely ask for it in your 2012 exam.

  / READ MORE
Industry Issues, Operations

Tis the season to be thankful!

By Jami Weems November 22, 2011

Typically, we use our blog to keep you posted on compliance hot topics however with it being Thanksgiving week we thought we would share this special credit union story that was posted by the North Carolina Charlotte Observer on November 17, 2011. Enjoy your holiday and don’t forget to support our military and their families during this season of giving!

  / READ MORE
Industry Issues

PolicyAid, an Online Policy Library Tool.

By Jami Weems November 10, 2011

Are you responsible for the task of policy development at your credit union but struggle with the how and where to start?  PolicyWorks is excited to introduce our newest service, PolicyAid.    PolicyAid is a comprehensive, online, policy library that will help your credit union develop and maintain policies as regulations change. 

  / READ MORE
Industry Issues, Operations

Proceed with caution

By Andrea Stritzke November 3, 2011

By Guest Blogger, TJ Riha, PayFusion CEO

Community FIs are facing a unique opportunity as frustrated customers trade in their big-bank loyalty for a friendlier (and more affordable) option. But these community FIs must tread lightly as they go about the business of customer growth.

Following is an excerpt from a paper I recently wrote (“Use Caution When Wooing Angry Bank Customers,”) alongside Andrea Stritzke, VP of regulatory compliance for PolicyWorks

As programs like free checking and debit rewards circle the drain at big banks across the country, angry customers are shopping for alternatives.

To be sure, this extraordinary chance at growth can not be squandered. That said, leadership at the nation’s credit unions and community banks must proceed with caution when courting these angry bank customers.

Strings Attached to the Term ‘Free’

Truth in Savings regulations state that advertisements cannot refer to or describe an account as “free” – or even “no cost” – if any maintenance or activity fee may be imposed on the account.  Therefore, it’s extremely important for an FI to fully understand the fee structure behind its “free” checking product when planning to advertise it as such.

Perception is Reality

Community FIs must first do their research to understand exactly what products and services they will be competing against when trying to win business from the big-bank customers in their area. By preparing a competitive analysis on products ahead of time – and taking the time to train front-line staff on the sales strategy – community FIs will be better equipped to answer the challenging questions they’ll undoubtedly receive from prospects.

The Extra Push

 A community FI may consider giving these anxious customers a little nudge in the right direction by offering an incentive for making the switch. Perhaps this is double card rewards during the first six months – or maybe a cash-back incentive for each debit transaction in the first year.  But remember, full disclosure of the promotion is important to satisfy regulatory requirements.

Download a complimentary copy of the paper, “Use Caution When Wooing Angry Bank Customers,” to read more advice on marketing to this new type of consumer.

  / READ MORE
Industry Issues