The Point: Feb. 4, 2013

Frontline Compliance series info, registration now available

The Credit Union Association of New York is once again offering its popular Frontline Compliance Certificate Program, a seven-part webinar series that equips frontline staff to comply with the latest regulations.

The series will begin March 5, and registrations must be received by Feb. 19. Complete details are available on the Association website.

Association Compliance Director Mike Carter will lead the series. Webinar dates and topics include:

  • March 5: Share Insurance;
  • March 19: Truth in Savings Act;
  • April 9: Regulation Z;
  • April 23: Regulation B/Fair Credit Reporting Act;
  • May 14: Bank Secrecy Act/Fraud Prevention;
  • May 29: Account Ownership; and
  • June 18: Share Draft Basics.

All webinars begin at 10 a.m. and will last approximately one hour. Participants who complete all seven webinars will be certified as Frontline Compliance Specialists.

Note: This is the only Frontline Compliance Certificate Program that will be offered by the Association in 2013.

The education investment is $229 per person for the complete series. Professional Development Grants are available through the New York Credit Union Foundation (NYCUF). To learn more or apply for funding, visit the NYCUF website.

Reminder: March 1 is HMDA filing deadline

Credit unions subject to Home Mortgage Disclosure Act requirements in 2012 (i.e., those with total assets of more than $41 million) have until March 1 to submit their 2012 Home Mortgage Disclosure Act (HMDA) loan/application register (LAR) data to the Federal Reserve Board.

Credit unions with 25 or fewer entries on their LAR may report and submit their data in paper form, and credit unions with more than 25 LAR entries are required to submit the reports in an automated, machine-readable format. Credit unions that do not file their LAR forms by March 1 could become subject to civil money penalty assessments.

For more information, view NCUA's Regulatory Alert.

The CFPB announced in December that credit unions and other financial institutions with total assets above $42 million as of Dec. 31, 2012, are required to collect and report HMDA data this year. For more information, view the related news release.

CUNA Mutual Group offers tips for preventing cyber attacks

In 2012, cyber criminals claiming to be politically motivated conducted several well-publicized, large-scale attacks on national banks. Recently, two credit unions were also victims of the attacks. The attacks disrupt online service at the impacted financial institutions, sometimes serving as smoke screens while member/customer account funds are diverted to accounts held by criminals at other institutions.

To help credit unions avoid or mitigate these cyber attacks, CUNA Mutual Group Risk Management Senior Consultant Ken Otsuka recently published the following tips:

1. Don't underestimate the threat of cyber attacks. It's true that most credit unions don't face the same risk as national banks from attacks by high-profile cyber criminal groups, but the first thing to understand about cyber attacks is that they are unpredictable. No one knows whether they will come from an established criminal organization or from a single perpetrator with an axe to grind, so no credit union should assume they aren't big enough to be a target.

2. Mitigate the risk of service interruptions caused by "distributed denial of services" (DDoS). In the world of internet banking, DDoS generally refers to an attempt to disrupt or suspend online service by saturating the targeted institution's network with external communication requests to overload its server. Legitimate users either can't log on, or can't use any services because the system is responding so slowly. Credit unions may not be able to prevent DDoS attacks, but they can establish a process to identify them. Monitoring bandwidth usage, using firewall logs to determine what is being attacked and using an intrusion detection system to identify the type of traffic are all viable tactics.

3. Perform due diligence on third-party service providers. Credit unions should ensure that third parties such as internet service providers and web-hosting vendors address website problems caused by DDoS attacks. They should also confirm that the providers have a contingency plan for these types of attacks.

4. Be prepared to provide timely and accurate information to members. Have a plan in place to get the word out if the credit union website is disabled or compromised. The faster an impacted credit union communicates, the better they can control the message and counter any rumors or misconceptions about what's going on.

Credit union staff should also be prepared to monitor social media and search engine results to find out what's being said in cyberspace about any interruption to online services. Credit unions may need extra staff or third-party assistance to work the phones and contact local media, if necessary, to be sure the correct information reaches members as quickly as possible.

5. Check transfers initiated via online banking when an attack occurs. When a DDoS attack occurs, employees may be busy answering calls from members who cannot access the credit union website, as well as performing other damage control steps. During the chaos, the institution may fail to notice fraudulent transactions initiated through online banking. Therefore, impacted credit unions should review transactions initiated through online banking to identify suspicious transfers. If necessary, transfers should be delayed until their legitimacy is verified with the members.

6. Have a strong multi-factor authentication method in place for online banking systems. Credit unions should be sure their authentication process complies with the Federal Financial Institution Examination Council's (FFIEC) updated authentication guidance issued in 2011. The FFIEC expects all financial institutions to have a fraud monitoring system in place to detect anomalies related to: the initial login and authentication of members requesting access to the online banking system; and initiating fund transfers to other parties.

Biz Kid$ financial education grants available for CUs

Credit union organizations are invited to apply for Biz Kid$ Financial Education Grants from the National Credit Union Foundation (NCUF). Applications will be accepted through March 31, and detailed information is available on the NCUF website.

The overall objective of the Biz Kid$ Financial Education Grant program is to engage the credit union movement in using Biz Kid$ to build students' financial literacy and economic skills while also increasing awareness and usage of Biz Kid$. Credit unions can use grants to fund innovative programs that improve the financial education of youth through the use of the Biz Kid$ program. Projects may engage teachers, students, education leaders, local PBS stations or community stakeholders through events, activities and/or curriculum distribution. A total of $125,000 is available through the grant program.

Eligibility: Credit unions, CUSOs, state credit union associations/leagues, state credit union foundations and any other organizations owned or controlled by credit unions may apply for funding.

About Biz Kid$: Biz Kid$ is a financial literacy initiative launched nationally in January 2008 that teaches kids about money and business. The initiative includes an award-winning TV series, free classroom curriculum, outreach activities, and a website targeting children 9-16 years old. NCUF is responsible for the fundraising and outreach of the program, and a coalition of more than 290 credit unions and affiliates from across the country have exclusively helped to fund Biz Kid$. To learn more, visit the NCUF website.


National industry news & CUNA reports

To view today's issue of CUNA News Now, click here.

To view the most recent CUNA Regulatory Advocacy Report, click here. (CUNA member log-in/registration required.)

To view the most recent CUNA Legislative Update, click here. (CUNA member log-in/registration required.)