2015 Spring MACCU Compliance Update (presentation transcript)
Today's Agenda: E-Sign Act (Electronic Signatures in Global & National Commerce Act, signed into law in the year 2000); NCUA 2015 Supervisory Priorities (Old & New); Lending Program; Small Credit Union Exam Program
Article 1 Section 10 clause 1 of the Constitution shall forever be known as the Contract Clause. JAMES MADISON. [I]n the just preservation of rights and property, it is understood and declared, that no law ought ever to be made, or have force in the said territory, that shall, in any manner whatever, interfere with or affect private contracts or engagements, bona fide, and without fraud, previously formed.
Electronic Signatures in Global and National Commerce Act: (1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and (2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation. Definitions can be found in Section 106 of the Act.
Uniform Electronic Transactions Act (UETA). At the state level: S.C. Code §26-6-10 et seq. (http://www.scstatehouse.net/code/t26c006.doc); N.C. Gen. Stat. §66-311 et seq. (http://www.ncleg.net/EnactedLegislation/Statutes/HTML/ByArticle/Chapter_66/Article_40.html)
What is an Electronic Signature? An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
Credit Union Operational Requirements: 1) The member has consented to the electronic format and has not withdrawn this consent. 2) The member is provided, before consenting to the format, with a clear and conspicuous statement: informing the member that he/she has the right to receive the record(s) in paper form, and also that they may withdraw their consent, and any consequences of withdrawing the consent (fees or termination of account, for example); informing the member of the scope of the consent, whether it is for a single transaction or categories of records to be provided in an ongoing relationship.
Credit Union Requirements Cont.: describing the procedures the member must use to withdraw consent, and to update information needed to contact the member electronically; informing the member of the method to request and obtain a paper copy of an electronic record after giving consent, and any associated fees. 3) The member is provided with a statement of hardware and software requirements for access to and retention of electronic records. 4) The member consents, or confirms his/her consent, electronically in a manner demonstrating the member can access the information in the electronic form the credit union will use.
Credit Union Requirements after receiving consent: 5) If the hardware and software requirements for accessing or retaining electronic records change, creating a material risk that the member may not be able to access or retain subsequent electronic records, the credit union must provide the member with a notice of the changes and of the right to withdraw the consent without charging a fee for the withdrawal and without imposing any condition or consequence not previously disclosed; and the member consents, or confirms his/her consent, electronically in a manner demonstrating the member can access the information in the electronic form the credit union will use. (MUST GIVE CONSENT AGAIN)
E-Sign Other Topics (Section 101(c)). Prior Consent: Consumer disclosures of the E-Sign Act do not apply to any records that are provided or made available to a member who has consented prior to the effective date of the E-Sign Act (2000). Oral Communication: A recording of an oral communication shall not qualify as an electronic record for purposes of the consumer disclosures of the E-Sign Act except as provided under applicable law.
E-Sign Other Topics (Section 101(d)). Accuracy: Accurately reflect the information set forth in the record to be retained. Accessibility: Remain accessible to all persons who are entitled to access it, for as long as legally required, in a form that is capable of being accurately reproduced for later reference.
Credit Union Training Requirements: Annually ensure all departments are aware of all aspects of the E-Sign Act. Annually update policies and procedures to reflect the provisions of the E-Sign Act.
Credit Union Internal Review At least annually assess compliance with the E-sign Act. Conformity of the credit union’s practices with its policies and procedures.
E-Sign Associated Risks 1. Failure to implement necessary controls to comply 2. Allowing E-signatures for exempt items (such as deeds/court documents) 3. Failure to draft an adequate policy 4. Failure to update your policy 5. Failure to train all departments 6. Failure to ensure member has not withdrawn their consent 7. Failure to retain documents/FORMAT
E-Signature Best Practices (www.cuinsight.com/top-5-e-signatures-security-best-practices-for-credit-iunions.html)
Do NOT Use Email to Distribute Documents Containing Private Member Information: Deliver documents and disclosures through a secure html page (one that the member logs into to view). From there, PDF copies of documents can be downloaded for their own files.
Gather Process Evidence: Digital processes should aim to strengthen a credit union's legal and compliance position by capturing and reproducing stronger evidence than is possible with pen and paper.
Embed the Audit Trail: All electronic signatures, time stamping and audit trails should be embedded directly within the document rather than stored separately in the cloud or a proprietary database.
Use Digital Signatures: Both the document and the E-signatures should be protected using digital signature technology. The digital signature creates a digital fingerprint of the document (called a hash) that can later be used to verify the integrity of the E-record. If the document is tampered with, the E-signature will be visibly invalidated.
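Added example (not part of the original presentation, and not any vendor's code): a sketch of an e-record whose audit trail is embedded in the record, hash-chained to the document, and sealed, so that tampering with the document or the trail is detected on verification. The record layout, function names and sample values are assumptions constructed for illustration; HMAC-SHA256 with a demo key stands in for the asymmetric digital signature a real e-signature product would apply.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo key. HMAC-SHA256 stands in for the asymmetric
# digital signature a real e-signature product applies (a swapped-in technique).
SEAL_KEY = b"constructed-demo-key"

def _canon(obj):
    """Canonical JSON bytes so the same content always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

def append_event(record, actor, action, timestamp):
    """Embed an audit event, chained to the document or the previous event."""
    trail = record["audit_trail"]
    prev = trail[-1]["event_hash"] if trail else _sha256(record["document"].encode())
    event = {"actor": actor, "action": action, "timestamp": timestamp, "prev_hash": prev}
    event["event_hash"] = _sha256(_canon(event))
    trail.append(event)

def _seal_value(record):
    """Seal covers the document and the whole embedded audit trail."""
    body = {"document": record["document"], "audit_trail": record["audit_trail"]}
    return hmac.new(SEAL_KEY, _canon(body), hashlib.sha256).hexdigest()

def verify(record):
    """Return (ok, reason); checks the hash chain first, then the seal."""
    prev = _sha256(record["document"].encode())
    for i, ev in enumerate(record["audit_trail"]):
        body = {k: v for k, v in ev.items() if k != "event_hash"}
        if ev["prev_hash"] != prev or _sha256(_canon(body)) != ev["event_hash"]:
            return False, f"audit event {i} does not chain"
        prev = ev["event_hash"]
    if not hmac.compare_digest(_seal_value(record), record.get("seal", "")):
        return False, "seal mismatch"
    return True, "intact"

def build_sample():
    """Constructed sample e-record: a disclosure plus consent and signing events."""
    rec = {"document": "Loan disclosure: APR 4.25%", "audit_trail": []}
    append_event(rec, "member-1001", "e-consent given", "2015-04-01T09:58:00Z")
    append_event(rec, "member-1001", "document signed", "2015-04-01T10:02:00Z")
    rec["seal"] = _seal_value(rec)
    return rec

if __name__ == "__main__":
    print(verify(build_sample()))
```

The hash chain catches an edited document or event, while the seal catches an event removed from the end of the trail, which the chain alone would not show.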
E-Sign Enforcement /Liability Penalties 1. E-Sign Act does not specify civil liability provisions for violations 2. Nor does it provide an exemption from penalties
Moving Forward with Today's Agenda: NCUA 2015 Supervisory Priorities (Old & New); Lending Program; Small Credit Union Exam Program
"Change is the law of life and those who look only to the past or present are certain to miss the future." —John F. Kennedy
NCUA 2015 Supervisory Priorities. I. Cybersecurity: Focus on proactive measures CUs can take to protect their data and their members, including: Encrypting sensitive data; Developing a comprehensive Information Security Policy (ISO); Vendor Due Diligence (3rd parties) that handle CU PII data; Monitoring cybersecurity risk exposure; TESTING security measures (Results & Rebounding). ** Examiners will be evaluating your capacity to notify, recover and resume operations in the event a security breach does occur. Appendix B NCUA Rules & Regulations Part 748 - Guidance
Insider Cybersecurity Issues: 1. Equipment Losses: Laptop & ATM machines 2. Missing Keys 3. Employee Retention Issues (why are they leaving) 4. Moving of employee accounts to another institution 5. Substance Abuse & Gambling Issues
What Can the CEO/Executive Leadership do? NCUA Channel On YouTube
The White House also listed MasterCard’s partnership with First Tech Credit Union to launch a biometrics pilot program later this year, allowing consumers to authenticate and verify transactions using unique biometrics like facial and voice recognition.
NCUA 2015 Supervisory Priorities. II. Interest Rate Risk (IRR): No new guidance; continued compliance with 2014 NCUA Rule: CU over 50 million to draft & implement a written IRR policy; Develop a program to identify, measure, monitor and control IRR; NCUA IRR Rules & Resources page on NCUA website (Guidance). III. NCUA Liquidity Rule Section 741.12: Full Compliance, $250 million or more, Dec 31, 2014; requirement to advance planning & Periodic testing to ensure contingent funding sources are available when needed. Examiners will also be looking to evaluate THE RESULTS OF YOUR TEST.
NCUA 2015 Supervisory Priorities. IV. BSA Compliance: Specific focus will be on Credit Union relationships with Money Service Businesses (MSB): Identifying customers; MSB registration; Enhanced Risk Assessment; NCUA BSA page on website for additional guidance. V. TILA-RESPA: CFPB Integrated Disclosures (August 1, 2015). * At this point MLOs should be working on rewriting policy & procedures to ensure compliance by August.
NCUA 2015 Revised Focus: 3rd Region. I. IRR: What does it mean to earnings? Can you get over it (Impact Analysis)? Model that works. Test It (Back testing) / Independent Testing. Do you look at your balance sheets for deposits or do you have another source? II. Cybersecurity: Comprehensive Plan (Required). Policy & Vendor Mgt. CEO must address how you are trying to stay ahead (How are you mitigating risk). What did you learn? (Back Brief: What would you do differently.) CUSO (cannot be the only way of putting off risk).
NCUA 2015 Revised Focus: 3rd Region. III. RESPA/TILA: It's the first year, so at least have the basics: Have a policy/plan in place; Have new forms or access to new forms; Have trained personnel & staff.
Specialized Lending: Indirect, Third-party & Subprime. *Guidance: August 2010 Letter to FCU on Appropriate Due Diligence
Small Credit Union Exam Program: 2 Exam Options: Defined & Risk Based. Determined based upon: CAMEL Rating; Asset Class; Complexity of Product & Services
Small Credit Union EXAM Type FCU Camel Rating & Asset Size
Small Credit Union Exam Program, Defined Scope Exam Approach: Internal controls; Recordkeeping; Lending. In 2nd qtr. 2015 they will use a 3-tiered approach: Standard required procedures, more in-depth analysis, and testing triggered by red flags.
Additional Resources & Assistance: OSCUI (Office of Small Credit Union Initiatives): http://www.ncua.gov/Resources/OSCUI/Pages/default.aspx. FS-ISAC – FFIEC Resource: Beth Hubbard (Member Services), email@example.com (*fee as low as $250 per year for asset size under 1 billion). FFIEC: Executive Leadership of Cybersecurity (Free Webinar): http://www.ffiec.gov/cybersecurity.htm