Five Compliance Questions that Keep Credit Union Leaders Up at Night

By Preston Packer, 04.15.2019

Ambien and Lunesta have met their match, and its name is credit union compliance. Compliance is at the top of any credit union leader’s mind, as there are a lot of looming questions and concerns around it, and many credit union CEOs have endured sleepless nights worrying about their state of compliance. In the digital world, there is a vast and varied range of risk factors when it comes to data security, and more rules and regulations too. Here are five questions that keep credit union leaders up at night.

1. Is my core system prepared for Current Expected Credit Loss (CECL) reporting?

The deadline to be CECL compliant is fast approaching, as the Securities and Exchange Commission (SEC) expects policies and finances in place by 2021 for credit unions, and many CUs are feeling the pressure to become fully compliant by this deadline. However, the process of preparing for CECL reporting doesn’t need to be stressful, as long as it’s taken one step at a time, and it begins and ends with gaps (or GAAPs).

GAP analysis. Begin by performing a gap assessment. By comparing your current allowance process to that required for CECL, you’ll have a better idea of how much more you need to set aside.

Forecasting. This is often the most difficult step because CECL requires very accurate credit loss estimates. When calculating reserves, a flexible loss estimation model is key. Neither the SEC nor the Financial Accounting Standards Board (FASB) will provide sample models to follow, so a model that allows your credit union to create and compare estimates will be best suited for CECL compliance.

Know your GAAP. CECL requirements have affected the Generally Accepted Accounting Principles (GAAP): because future losses are incorporated into the equity and regulatory capital requirements, the total reserve for your CU may need to increase.

When managing the switch to CECL-level reporting, this type of step-by-step approach will get you to full compliance through an easy-to-follow, low-stress process.

2. Are my digital banking solutions compliant and secure?

In the financial industry, the burden of responsibility to ensure that digital banking platforms protect member data lies with the credit union. Due to the high volume of data breaches across FIs and beyond, many CU leaders fear their digital banking solutions won’t hold up against hackers. Protecting data security can be as simple as enforcing strict password policies.

More than 81% of hacking-related breaches leveraged stolen and/or weak passwords, according to the PCI Security Standards Council, so the fight against cyberattacks begins with your credit union’s member password requirements. Encourage members to create unique passwords that are more than 8 characters long with a mixture of lowercase and uppercase letters, numbers and special characters.

To further increase security, multi-factor authentication (MFA) helps prevent remote attackers from gaining access to your network, email system and digital banking application. MFA is most commonly implemented by asking users to enter a verification code received through their mobile phone after submitting a correct password. There are many ways a credit union can increase security within digital banking solutions, but password security and protection are a great place to start.

3. Is my website compliant?

In the age of digital banking, considerations for your credit union's website compliance abound. In addition to protecting the site from hackers, there are other compliance guidelines to be met as well. The Americans with Disabilities Act (ADA) has its own regulations for website compliance. Websites must now be fully optimized for use on more than desktops, mobile phones and tablets. People with disabilities may use different devices and platforms to access information online, such as text readers and audio scanners. This means your credit union's website needs to be optimized for use with such applications. There are website developers and even ADA-specific agencies that can help audit your site and ensure the proper codes are in place to meet the level of compliance required.

4. Is my member data at risk?

Member data breaches can lead to more than just a compliance nightmare. Such a breach can lead to a loss of loyalty and trust, which is damaging to a credit union's overall reputation. Members join a credit union for better service, but also for a greater sense of security and trust. While some CU leaders are skeptical of cloud security, there is actually very little difference in the protocol for traditional information security practices and cloud security practices. It is estimated that three-quarters of all community banks and credit unions have moved to the cloud over the past five years, and institutions in the $100 million to $750 million asset range have done so most aggressively. Increased use of the cloud doesn’t have to increase the risk of member data attack. When implemented according to recommended security guidelines, cloud solutions are a safe, efficient and effective means of storing member data.

5. How do I manage BSA at the core system level?

Compliance with the Bank Secrecy Act (BSA) can be a real source of fear for credit unions, as those that make egregious errors can get hit with hefty fines, or even be shut down. However, credit unions that understand BSA regulations and take the necessary steps toward compliance have nothing to worry about. There is a lot of dissent in the credit union community on the topic of BSA compliance, for many feel that the regulations are too harsh for small credit unions. According to CUNA President and CEO Jim Nussle, credit unions are spending their limited resources disproportionately on BSA compliance, which means they are spending fewer resources on providing safe and affordable products and services for their members. While support from leaders like Nussle might encourage the government to loosen BSA regulations for credit unions down the road, CUs must adhere to the current guidelines for now. There are a myriad of resources from the National Credit Union Association that can help credit unions pave a clear and affordable path towards BSA compliance.

Compliance in the financial industry has always been rigorous, but with the added level of technology in modern-day banking, maintaining compliance on all fronts can be daunting. Creating a plan that encompasses all areas of compliance is a great place to start for CU leaders who are overwhelmed by all the rules and regulations. The best way to avoid sleepless nights worrying about compliance is knowing that your CU has a plan in place that will help you navigate through any potential mishaps.

Preston Packer is director of sales and marketing at FLEX Credit Union Technology, which provides core system software solutions for credit unions. Reprinted with permission.