Compliance Center: Division of Credit Unions Selected IT Contractor to Assist With IT Exams

The Washington State Department of Financial Institutions Division of Credit Unions recently released DCU Bulletin B-15-13, which provides details about the new IT Contractor the DCU has selected to assist with credit union IT Exams. Future IT examinations will focus on cybersecurity and will identify areas of IT security and cybersecurity weaknesses at state chartered credit unions.

Cybersecurity has been identified as a significant threat to financial institutions and credit unions and banks are a primary target for cyber theft. Additionally, data breaches and credit card losses have become much more frequent and expensive. Because of this, the Division of Credit Unions (Division) decided to allocate more examination resources to cybersecurity and information technology (IT) exams. They did this by selecting an IT contractor to assist them on performing IT examinations. The following are the main reasons why the Division decided to use an IT vendor rather than internal resources to improve its IT exam program: (1) They currently do not have the IT experience or resources on staff; and (2) The Division has the financial resources to pay for the vendor contract.

The Division selected Security Compliance Associates (SCA) as its primary vendor to assist the Division in performing IT examinations from November 2015 through the end of the current biennium (June 30, 2017). SCA has approximately 170 credit union clients in 40 states, and has performed IT security work for credit unions and other clients for over 10 years.

Compliance Question of the Week

For BSA-AML Risk Assessment purposes, would a business account for a vehicle dealership be classified as a Money Service Business (MSB) or another type of the special classifications?

First, FinCEN defines Money Service Businesses as a distinct category of financial service providers to include currency dealers, check cashers, issuers of traveler’s checks or money orders, seller or redeemer of traveler’s checks, money transmitters and the U.S. Postal Service. Vehicle dealerships are not on this list.

BSA/AML requires credit unions to develop a compliance program. Credit unions are urged to use a risk-based approach with this program. In other words, develop procedures that take into consideration the risks associated with the membership, the service/products offered and geographic location.  In terms of membership, BSA/AML is particularly interested in cash-intensive businesses such as convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately-owned ATMs, vending machine operators, and parking garages.

Whether you classify vehicle dealerships as high risk or low risk depends on your own BSA/AML policy tolerances. Credit unions should consider collecting the following information when opening higher risk accounts: purpose of account; member’s occupation or type of business; banking references; financial statements; source of funds/wealth; beneficial owners of the account (if applicable), etc. Credit unions are expected to apply enhanced customer due diligence procedures when opening accounts that fall into higher risk categories.

Related Links:

Legal Briefs

National Credit Union Administration (NCUA)

The NCUA announced that it will hold an auto lending webinar that will cover best practices and managing risk. The webinar will be on Wednesday, November 18th at 2 p.m. EST. Credit unions that are interested in the webinar can register here.

The NCUA announced that it has created a video to help credit unions better understand how to use the FFIEC’s Cybersecurity Assessment Tool.

Consumer Financial Protection Bureau (CFPB)

The CFPB published a blog post aimed at helping servicemembers understand the different rules that protect them regarding their personal finances.

The CFPB released its rural or underserved counties list for 2016.

The CFPB released its monthly consumer complaints snapshot, which focuses on credit card complaints.

Federal Housing Finance Agency (FHFA)

The FHFA released its September index, which shows a decrease in mortgage interest rates for the month of September.

Federal Reserve Board (FRB)

The FRB released its most recent Federal Open Market Committee statement.   

The FRB released a study, Analyzing Racial and Ethnic Data in the Survey of Young Workers, which takes a deeper look into the FRB’s 2014 initial Survey of Young Workers.

The FRB announced that it has made changes to the Operating Circular 2 and Cash Services Manual of Procedures, with an effective date of January 4, 2016.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of October 20, 2015. The last update prior to this was October 15, 2015. 

Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News.