Audit Link Focus Group February 20, 2009
Agenda Introduction and Formalities AS Level 1 Red Flag Questions for Experian Other Red Flags and CU*BASE Common upfront contact and daily work findings by Leah Sutherby and Jim Vilker What’s next for Audit Link
Other Red Flag Questions Handling address discrepancies Due diligence on address discrepancies Other questions for our Experian partners Questions regarding reporting of credit bureau data promulgated by a recent League event
CU*Base and Red Flag Red flags checked through AS Level 1 Address discrepancy by CRA (also on CB report) Fraud or active duty alert (also on CB report) Personal information is associated with known fraudulent activity Personal information is inconsistent when compared to external sources Personal information provided is inconsistent including phone, SSN, address, drivers license, DOB Address is fictitious, a mail drop, or prison In the Spring of 09 all of the above items will be fully integrated in CU*BASE and become audited data on the member record
Other Red Flags Address changes –New feature which warns staff and automatically notifies member when address has been changed. Teller, inquiry, card ordering. –Returned member statements and transactions are occurring Run a report on Mail Group 7 and review accounts with recent transactions. Contact member and freeze account Second tier dormancy monitoring and training
Other Red Flags Anomalous use of account –Account is used after an lengthy inactive period Review dormancy configuration and train staff on dormancy review –Member fails to make the first payment Sort by first payment date in collections and train staff on potential red flag activity –Majority of available credit is used for cash advances Query report on cash advance activity
Other Red Flags Other Red Flags (as defined in regulation) An employee has downloaded an unusually large amount of customer data –Currently with a programmer The address, SSN, and home or cell phone number provided is the same as that submitted by other persons opening an account or other customers. –Requested by a credit union. Currently in review The financial institution or creditor detects attempts to access a customer's account by unauthorized persons –MNMISC option 10 review
Red Flags in Total Of the total 31 potential Red Flags –16 of them – GOLD has tools to either control the event or allow you to monitor for activity –15 - are strictly internal procedures which have nothing to do with the use of CU*BASE but can be tracked through the use of the tracking system
RMG “Risk Management Generator” A new tool for evaluating third party relationships WHY? NCUA says To expand service and product offerings, credit unions increasingly outsource functions and programs through collaboration with third parties. Developing sound third party relationships and alliances can assist credit unions in meeting their strategic objectives and enable them to: Provide access to products and services through expanded delivery channels. Offer more cost-effective products and services; and Manage programs that would not be feasible without external expertise.
RMG “Risk Management Generator” A new tool for evaluating third party relationships WHEN DOES IT APPLY Involves a new financial service activity Materially affects revenues and expenses Involves member data Involves marketing of CU products by a third party Involves subprime lending or card payment transactions Poses risk that could significantly affect earnings or capital
RMG “Risk Management Generator” A new tool for evaluating third party relationships WHAT DOES IT COVER? Core data processing Mortgage servicing and underwriting Internet banking Indirect lending Bill payment Call centers Network maintenance
RMG “Risk Management Generator A new tool for evaluating third party relationships HOW? INTRODUCING THE RMG
Audit Link Update Findings of up front contacts Findings from daily audit work Audit Link Advisor site Software development related to audit link Increasing capacity –New team members –Streamlining processes and changing software Clients Status Johns comments on regulatory environment
Findings of First Contacts Wire transfer tracking Regulation E –Statement generation –Dispute resolution Regulation D –New report for the spring release Dormancy monitoring TIS –Fee disclosures and ANR configurations ECOA Employee and data center security
CTR’s & DBA’s Only 1 section A is needed FINCEN will accept CTR’s with 2 section A’s Sole proprietorships and DBA
Name of legal entity DBA name Entity’s EIN Entity’s address
Double Check every CTR or SAR Most mistakes made on CTR’s and SAR’s could be avoided by a second review of the form When a mistake has been made… –Check the Amends Prior Report box –Staple a copy of the original report to amendment
BSA Errors When an employee deletes a BSA tracker, a description of the incident still needs to be entered When an error has been made it needs to reversed instead of creating more cash transactions After reviewing BSA activity put findings in the Audit Tracker
Dormant Accounts Work dormant accounts on a regular basis, otherwise the Activity on Dormant Accounts report is inaccurate Do not delete accts from dormancy monitoring due to fees Review of priority on configuration when adding new products ACH postings are considered activity Use the Audit Link Run Sheet to save time when working dormancy
Non-Member Transactions How can OFAC be run on a non-member? –Enter non-member information into MNUPDA, #8 (Update Non-Member Information) Use F15 (Verify Name) to run OFAC after Non- Member file has been created –Run name at to compare a name to the OFAC SDN list or use the web based Experian AS 1 from the “Network” button on GOLDwww.instantofac.com
Withdrawn Loan Applications Configure the withdrawn by member codes to memo Make sure the configuration is set to do not prompt for denial notice
Use the withdrawn by member code on application Let the application stay in pending status until automatically removed
Employee Accounts Configure Employee Type (MNCNFC #2) –Allow posting only –High Risk Accounts Employee Account Security (MNMGMT #1) –Update Account Security Enter each of employee’s own accounts Allow account inquiry only Update special security
Audit Link on the Web Audit Link Advisor site
Software Developments AS Level 1 incorporated into the account opening process ps#22083 Status—In next release Address change warning messages and audit tracker write-out ps#24335 Status—In Process New collector screen sort to monitor for first payment skips ps#22426 Status—In next release Change in credit reporting to add the Address Indicator field which confirms the verification of an address after a discrepancy has been received ps# Status— Awaiting specifications Automated scan for FinCen ps#20312 Status—Waiting for programming resources
Software Developments Running wire transfers through OFAC at the time of creation. Status—In fall release New BSA file structure to monitor for FSCC and Xtend shared branching. ps#24190 Status—In Process Update to BSA report ps#24092 Status—In next release Running recipient of a corporate craft ps#24553 Status— Awaiting approval New Reg D statistics report ps#23555 Status—In next release NCUA share insurance analysis report ps#24015 Status—In process Enhanced Due Diligence ps#23964 Status—In process
Business Status Increasing capacity –New team members John Yoemans - Consultant Marisa Bailey – Audit Associate –Streamlining processes and changing software –Portal under development
Business Status 18 upfront contacts completed –15 on daily monitoring 6 additional clients reviewing contracts 6 additional credit unions expressed interest Expecting 35 to 40 total partners by year end
From the Desks Of John Yoemans “The regulatory environment” Jim Vilker “Whats next” –Who’s next –Defining the model –Expanding on ad hoc and consulting services