Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now


Widget FCU: Real-life crime busters, CEO tells story (Part I)

LAS VEGAS (10/30/14)--As she walked through her branch in December 2012, Gail Cook, CEO of Widget FCU, overheard a branch manager comment about a strange new account, words that would spark an investigation that would span more than a year and involved tens of millions of dollars in fraud.
In this two-part series, News Now will cover the Widget FCU case, how Cook and her staff helped bring down a conspiracy and what credit unions can learn from it. Cook told her story to the nearly 300 credit union representatives that particpated in the Credit Union National Association-National Association of State Credit Union Supervisors Bank Secrecy Act Conference, which ended here Wednesday.
Cook and Widget FCU, Erie, Pa., with $264 million in assets, eventually found they helped shed light on a group of fraudsters
Click to view larger image Gail Cook, CEO of Widget FCU, says she overheard a branch manager comment about a strange new account, words that would spark an investigation that would span more than a year and involved tens of millions of dollars in fraud. (CUNA Photo)
responsible for tens of millions of dollars worth of phony IRS refunds, opening a minimum of 3,000 fraudulent accounts and identity theft affecting as many as 20,000 consumers. 
Back in December 2012, Cook heard a branch manager remark that another online account based in Providence, R.I., had just been opened. Widget opens 300 to 400 online accounts per month, so while nothing seemed suspicious on the surface, Cook told her manager to mention it to the compliance department. 
A few days later, the vice president of branches said he got a call from a man who did not have an account, but had received account information and materials from Widget. 
"At this time, I started feeling a little nervous. Most of our accounts are based in Erie and the surrounding areas," Cook said. "So I quietly went to our IT department and asked them to do a search of all accounts opened through online channels that didn't seem to have any connection to Pennsylvania. And they got back to me a few days later with eight accounts, and said, 'You're not going to like what we found.'"
The eight accounts had been opened over an eight-month period from November 2011 to September 2012. Four were based in Inwood, N.Y., three based in Providence, R.I., and one based in Brooklyn, N.Y. Cursory examination into those accounts revealed some odd similarities.
All the accounts listed the account holder's occupation as some kind of technician. All the accounts from each town had similar phone numbers and street addresses. All used Yahoo e-mail accounts. And all of the accounts said they met Widget's field of membership requirement through a brother who lived in the Erie area. 
So Cook contacted a National Credit Union Administration examiner, who told her to contact the FBI. 
"When I called the FBI, I wanted all the documentation I could get my hands on, anything we had on file from these accounts to give to the FBI," Cook said. "And that's when we started seeing the real red flags."
Those red flags included:
  • All listed their monthly income in account documents as being between $40,000 and $80,000 per month;
  • The driver's licenses of all the accounts from each state had the same height, weight and eye color listed, and the signatures were all the same. All the photos were slightly fuzzy, and the subjects were dressed similarly;
  • All account holders had used utility bills to provide proof of address, and all bills were from the same amount and had the same handwriting. A call to the utility companies revealed no such accounts;
  • All the accounts were accessed within minutes of each other from the same IP addresses; and
  • All account activity involved ATM transactions in public places and the sending and receipt of postal money orders. 
After giving the information to the FBI, Special Agent Michael Thoreson brought a few IRS special agents to speak to Cook, and then she didn't hear anything. 
Until she got a call earlier this year. 
"In April of this year, Agent Thoreson called me and went on and on and on thanking us for the work we had done. He said they had uncovered the largest fraud conspiracy of its kind to date," Cook said.
"It kind of blew us away when he called. We had called them and given them our information, and then we get this phone call. He just went on and on about how this information we gave him allowed them to crack the case."
See Friday's News Now for Part Two of the story, including how the case was cracked, and what credit unions can learn from Widget FCU.

Other Resources

CUNA urges CFPB to use all authority to exempt CUs from HMDA provisions

WASHINGTON (10/30/14)--Changes by the Consumer Financial Protection Bureau to Home Mortgage Disclosure Act (HMDA) rules would be yet another layer of expense and burden on credit unions already struggling to meet a suffocating overall compliance burden, the Credit Union National Association warns in its most recent comment letter.
CUNA urges the CFPB to use a surgeon's precision in meeting Dodd-Frank Act requirements to change HMDA--and go no further than the act mandates. CUNA also charged the CFPB with doing all it can to exempt credit unions from as many provisions of the proposal as is permissible.
The CFPB unveiled HMDA revisions in July--changes it said are intended to improve the information reported about the residential mortgage market under HMDA.
The proposal also is meant to simplify the reporting process for credit unions and other financial institutions. However, by the CFPB's own estimates, the changes would represent a compliance burden of 4.7 million hours annually for all regulated entities required to report under HMDA.
CUNA strongly urges the bureau to increase a proposed threshold that would exempt a depository institution from reporting HMDA data if it originates fewer than 25 closed-end mortgage loans in the year--which would include closed-end, reverse mortgages.
"As a practical matter, very few credit unions involved in mortgage lending originate less than 25 covered loans, so the relief contemplated by the proposal would likely be very small, if at all," CUNA writes.
CUNA urges the bureau to increase the exemption threshold to 500 loans to more appropriately exempt smaller financial institutions that have no track record of discriminatory lending--or redlining--or fair-lending violations.
In its letter, CUNA also advocates that the CFPB drop its plan to require mandatory reporting of home equity lines of credit (HELOCs)--calling that provision "a chief concern."
CUNA explains that HELOCs often are administered in consumer lending functions of a credit union, rather than in mortgage functions. This means HELOCs are maintained on entirely separate computer operating systems and platforms than their first mortgage counterparts, making it extremely difficulties and significantly expensive to compile and aggregate the required HMDA data points for HELOCs if the bureau's rule is finalized as currently proposed.
CUNA further urges adoption of a sufficient implementation time. 
"The data collection requirements outlined within the bureau's proposal are, at best, overwhelming for a vast majority of HMDA-reporting credit unions," CUNA writes and continues:
"As previously discussed in this letter, systems will need to be reprogrammed, staff will need to be trained and retrained, existing application forms will need to be amended, and over thirty-seven new data elements will also need to be developed, programmed, implemented and staff will also need to be trained according to the policies and procedures surrounding each of these additional data point disclosures, which will also have to be developed."
Another key area of concern, CUNA notes, is that the bureau does not state within the proposal what, if any, of the new data collection points would or would not be made available to the public, but indicates that the agency is reviewing the matter.

Much of the HMDA data, such as credit scores and property addresses, raise significant privacy issues because if made publicly available  it could conceivably allow a person to piece together the financial picture of a borrower, their place of residence, their income and their livelihood, thereby significantly intruding on credit union members' privacy.

CUNA urges the CFPB not to proceed until this issue is resolved and then to provide  an additional comment period for credit unions and other stakeholders to weigh in on the specifics of the privacy plan.

Additionally, the Government Accountability Office (GAO) recently released a report indicating concerns regarding the privacy and security procedures for data collection by the CFPB, and making numerous recommendations to improve the protection and security of consumer financial data.

CUNA feels that until all of these recommendations are acted upon, expanding the data provided to the agency would place credit union members at greater risk of financial harm, exposing credit unions and their members to possible misuse of their sensitive and personal financial information, including fraud and identity theft. 

Other Resources

NCUA's Graham shares BSA compliance tips, common violations

LAS VEGAS (10/30/14)--An adequate Bank Secrecy Act (BSA) compliance program makes life easier for everybody--for credit unions, their staff, their members and the National Credit Union Administration, said the agency's Judy Graham.
Click to view larger image Judy Graham, left, a program officer in the NCUA's Office of Examination and Insurance who comes each year to answer compliance questions from the audience at the CUNA Bank Secrecy Act Conference, talks to credit union representatives about some of the complexities involved. (CUNA Photo)
Speaking at the Credit Union National Association BSA Conference Wednesday, Graham, a program officer in the NCUA's Office of Examination and Insurance, gave an update about what the agency expects to see from credit union BSA programs.

The annual conference is co-sponsored by the National Association of State Credit Union Supervisors.
The NCUA is required by law to conduct a review of the BSA compliance program at each examination of a federally insured credit union. 
Part 748 of the agency's rules and regulations describes the requirements of such a program, which must:
  • Establish a system of internal controls;
  • Provide for independent testing;
  • Designate a BSA compliance officer who will monitor day-to-day compliance;
  • Establish a customer identification program; and
  • Establish a BSA training program for appropriate employees and volunteers.
According to Graham, the regulation itself requires credit unions to provide training, but does not set a specific time frame for how often it should be conducted. 
"The general rule of thumb is every 12 to 18 months, but that depends on your risk profile, your products, your services," she said.
"Some of the larger credit unions that may be taking on higher-risk products and services might be doing periodic or ongoing training on a quarterly basis. Some of our smaller, lower-risk institutions without a lot of products and services might consider a year, up to 18 months." But, Graham warned her audience, "Our examiners aren't going to let anyone go on much longer than that."
The cornerstone of internal controls for a credit union is customer due diligence. 
"Customer due diligence is part of the foundation of your BSA compliance program. If you don't do your customer due diligence when you open accounts and ongoing customer due diligence, how can you adequately monitor those accounts for suspicious activities?" Graham said.
She emphasized, "If you don't know what the norm is for the account, how can you tell when something suspicious is happening?"
So what are credit unions doing wrong? According to the NCUA, the most common violations found during examinations involve:
  • Training that is not recent, not documented, does not cover credit union policies and procedures and does not include the institution's board of directors;
  • Failure to check the Financial Crimes Enforcement Network's 314(a) lists, which are generally sent every other Tuesday to inform financial institutions of consumers who are the subject of current investigations;
  • Independent testing that does not cover all credit union operations, has not been done within the last 12 to 18 months or is not fully independent; and
  • Internal controls failures such as an out-of-date risk assessment or a suspicious activity monitoring system that is inadequate.
"This all might sound pretty heavy, and pretty onerous for a credit union, but a lot of the information you're gathering is not just for BSA compliance, it's going to help you with other day-to-day operations, such as making sure you have current phone numbers and other contact information," Graham said. "This will help you out in those other areas."
Graham also recommended several "enhanced due diligence" strategies, including recording the purpose of an account and the source of a member's funds; tracking beneficial owners signatories of guarantors; noting the proximity of a member's residence, place of employment or business to the credit union; and keeping on file a description of a member's business operations, anticipated volume and activity.

Graham is a regular speaker, bringing the NCUA and examiners' perspective each year to the BSA Conference, which draws hundreds of credit union representatives. This year's conference ended Wednesday.

Other Resources

FDIC report: 'Unbanked' households drop, 'underbanked' like mobile access

WASHINGTON (10/30/14)--The Federal Deposit Insurance Corp. (FDIC) Wednesday released the results of the 2013 FDIC National Survey of Unbanked and Underbanked Households , which showed a drop in unbanked households from 2011 to 2013.

The biennial report showed unbanked households declined to 7.7% in 2013, down from 8.2%, while the share of underbanked households remained essentially unchanged at 20%--or about 24 million households.

FDIC officials said that the economic recovery and "increases in household education" explain the decline in unbanked households. 
Out of all unbanked households, 35.6 % said that not having enough money was the main reason for lacking an account, while 14.9% said that they disliked or distrusted banks. Unpredictable or high account fees were cited by 13.4% of unbanked households as the primary reason they did not have a bank account.
The survey is conducted every two years by the FDIC in partnership with the U.S. Bureau of the Census and provides insights and guidance on the demographics and needs of the unbanked and underbanked.
New to the 2013 survey were questions related to how consumers access their accounts. Nearly two out of three households primarily used tellers or online banking when accessing their accounts, the report found.
The FDIC also reported that 29.2% of "underbanked households" and 21.7% of "fully banked households" used mobile banking devices in 2013.
The FDIC concluded that consumers needs could be better fulfilled if financial institutions "deploy and market checkless checking accounts and other options" and integrate "mobile banking initiatives with branch-based strategies."

While underbanked households are more likely to use mobile devices, the FDIC also said that they are less likely to use online banking to access accounts.

Other Resources

FHFA must strike balance on stability, access: CUNA

WASHINGTON (10/30/14)--The Credit Union National Association Tuesday called on the Federal Housing Finance Association (FHFA) to consider Americans' access to credit when setting housing goals for the government-sponsored enterprises (GSEs), Fannie Mae and Freddie Mac. 
CUNA Deputy General Counsel Mary Dunn encouraged the FHFA "to continue to work to find the right balance between safety and soundness on the one hand, and credit availability for American consumers on the other."  
"In the wake of the financial crisis, mortgage credit has become less available for many Americans as underwriting standards have increased and the 'qualified mortgage' (QM) has become the law of the land," she said. 
Dunn made the remarks in response to FHFA's proposed 2015-2017 housing goals for the GSEs.
CUNA encouraged FHFA to continue allowing "certain non-QM loans to be sold into the secondary market," noting that they are "often backed by vigorous underwriting."
"As FHFA considers how to meet its statutory obligations related to making housing affordable to Americans, it is important that FHFA's support for the purchase of non-QM loans continues unimpeded," Dunn wrote. 
CUNA also urged the FHFA to use a "broad interpretation" of the section of the Safety and Soundness Act which "ensure[s] that none of the housing goals cause financial instability" to Fannie Mae and Freddie Mac. 
Access CUNA Comment Letters here

Other Resources

A look at the do's, don't's of BSA recordkeeping

LAS VEGAS (10/30/14)--Records should be kept for every transaction at a credit union, but there are rules about which records must be kept, for how long and how they must be disposed of. Rusty Vellek, compliance officer for Transportation FCU, Washington, D.C., with $193 million in assets, went over those requirements at the Credit Union National Association Bank Secrecy Act (BSA) Conference Wednesday. 
"Your credit union's operations will be a big factor in how you keep BSA records," Vellek told his credit union audience, adding that credit unions are known to use hard copies, microfilm, microfiche, optical storage and combination of those and other media. 
Records that need to be retained include:
  • Suspicious activity reports, currency transaction reports and all supporting documentation;
  • Monetary instrument cash sale logs for transactions from $3,000 to $10,000, including for money orders, traveler's checks and cashier's checks;
  • Wire transfers over $3,000, including sender, recipient and payment details;
  • Member identification information including Social Security numbers and taxpayer identification numbers;
  • Non-real estate loans over $10,000 including loan and borrower data;
  • International transactions of more than $10,000, including currency, monetary instruments and checks;
  • U.S. coin or currency transfer records and reports;
  • Reports of Office of Foreign Assets Control blocked or rejected accounts and transactions; and
  • Other account and transaction records, as evidence of BSA compliance.
U.S. Treasury Department regulations state these records must be kept for five years, with certain stipulations.  Mortgage insurance premium information must be kept for five years from the date the account is closed. ID verification information must be kept for five years from the date of verification.
"There are no specified requirements for keeping [Financial Crimes Enforcement Network] 314(a) forms, but keep them at least long enough to demonstrate compliance to examiners and auditors," Vellek said. 
The National Credit Union Administration, the Federal Credit Union Act, and state and federal laws also contain requirements that must be consulted. 
Similar regulations must be referred to when it comes time to dispose of these records, as well as considerations of information and privacy requirements from state and federal entities. The actual method of disposal depends on the medium on which the records are kept. 
Vellek said it's also recommended that financial institutions keep a record of how and when the records were disposed of or discarded.

Wednesday was the final day of the BSA Conference, co-sponsored by CUNA and the National Association of State Credit Union Supervisors. The annual event draws hundreds of credit union representatives and offers a certification course and certificate for BSA compliance.

Other Resources

Inside Washington (10/30/14)

  • WASHINGTON (10/30/14)- -The Consumer Financial Protection Bureau released a report this week that says some companies that service the nation's student loans used unfair or deceptive practices to trick borrowers into paying higher fees or other acts that violate lending laws ( Reuters Oct. 29) . The CFPB report found such violations by student loan servicers as inflated minimum payments, illegal debt collection calls or charging unlawful late fees, even after borrowers had made payments during a grace period. The report did not name companies that were being accused of the shoddy practices. "All borrowers should be treated fairly by loan servicers, and through our supervision program, we intend to hold them accountable for how they treat borrowers," CFPB Director Richard Cordray said in a statement ...
  • ALEXANDRIA, Va. (10/30/14)-- There is still time to register for the National Credit Union Administration's Nov. 19 webinar, "Building a Loan Portfolio: Four Keys to Lending, " hosted by the Office of Small Credit Union Initiatives. Vanessa Lowe, economic development specialist with OSCUI, will be joined by Tim Moorman, manager, Riverside Community FCU, Marion, Ind., with $35 million in assets; Winona Nava, president/CEO, Guadalupe CU, Santa Fe, N.M., with $135 million in assets; and Ian Lampl, co-founder/CEO of Loan Street. Topics will include: business planning, field of membership expansion and product mix; opportunities and challenges of serving the Hispanic market; growth through participation lending, and tips on vendor due diligence and NCUA compliance ...

Other Resources

RSS print
News Now LiveWire
Mortgage interest rates continue slide in September @FHFA
19 minutes ago
Reimagined branches shift to member, not #creditunion, needs: @cunacouncils white paper
1 hours ago
Data breach at Home Depot in Sept. cost CUs nearly $60M 2 reissue cards, deal w/fraud & other costs: new @CUNA survey
1 hours ago
.@COFCU's #CommunityChallenge saves members $700K in interest, gives back to local charities See #NewsNow
2 hours ago
Post #QE, @federalreserve concerns still linger, says @CUNA's Schenk
3 hours ago