Compliance Update with Amy K
by Amy Kleinschmit
Chief Compliance Officer

NCUA – Cybersecurity Awareness Month

It is cybersecurity awareness month and NCUA recently issued a reminder about the potential threats facing consumers and credit unions and the need to take steps to protect themselves.

As a reminder, the NCUA maintains a cybersecurity resources webpage that provides credit unions with important information about protecting themselves and their members from cyber threats. Also, during this month, the NCUA is sharing tips on Facebook and Twitter about online security, recognizing and preventing identity theft, and what consumers can do if they fall victim to a cybercrime.

Additionally, the NCUA provides consumers with information on staying safe in the Be Smart Online section of

Also, during yesterday’s NCUA Board meeting the Special Advisor to the Chairman for Cybersecurity briefed the Board on emerging and potential cyber threats affecting financial services and other critical infrastructure. Find his presentation here. The presentation reviews business continuity questions; cyber hygiene questions; incident/breach management questions; and digital strategy questions – all items that should be considered by your credit union’s board of directors.


FinCEN Advisory – Unemployment Insurance Fraud

The Financial Crimes Enforcement Network (FinCEN) has issued another advisory, this time related to Unemployment Insurance Fraud during the COVID-19 pandemic. Credit unions can review this advisory here.

The Advisory specifies that if the credit union is filing a SAR in response to this type of fraud that it should reference this advisory in SAR field 2 (Filing Institution Note to FinCEN) and the narrative by including the following key term: “COVID19 UNEMPLOYMENT INSURANCE FRAUD FIN-2020-A007” and select SAR field 34(z) (Fraud - other).

The credit union should review all the Red Flags included in the Advisory, found at the above link, but a few of the Red Flags included in the advisory include:

  • After a financial institution suspects (Unemployment Insurance) UI fraud and conducts due diligence, it determines that the customer does not have a history of living at, or being associated with, the address to which the UI check or UI debit card is sent, or within the geographical area in which the registered debit card is being used.
  • The customer withdraws the disbursed UI funds in a lump sum by cashier’s checks, by purchasing a prepaid debit card, or by transferring the funds to out-of-state accounts.
  • The customer’s UI payments are quickly diverted via wire transfer to foreign accounts, particularly to accounts in countries with weak anti-money laundering controls. 
  • The customer receives or sends UI payments to a peer-to-peer (P2P) application or app.  The funds are then wired to an overseas account, or withdrawn using a debit card, in a manner that is inconsistent with the spending patterns of similarly situated customers.

TRID Assessment

The Consumer Financial Protection Bureau (CFPB) has released its assessment of TRID which can be found here. By way of background, Section 1022(d) of the Dodd-Frank Act requires the CFPB to conduct an assessment of each significant rule or order adopted by the CFPB under Federal consumer financial law.

Some findings noted in this 316-page assessment –

  • The CFPB found that the TRID disclosure forms improved prospective borrowers’ abilities to locate key mortgage information.
  • The TRID disclosure forms improved prospective borrowers’ abilities both to compare the features and costs of different mortgage offers and to compare estimated and actual loan terms and costs.
  • Evidence was mixed regarding whether the Rule increased consumer shopping for mortgages. 
  • The TRID Assessment Survey of Mortgage Originators (Lender Survey) asked representatives of companies that originate mortgages to estimate their one-time costs of implementing the Rule.  The median response was roughly $146 per mortgage originated in 2015.  This represents 2.0 percent of the average cost of originating a mortgage for that year.  By comparison, the Rule’s benefit-cost analysis estimated an average implementation cost of about $135 per mortgage originated in 2015.  Participants in the Lender Survey reported their largest implementation costs to be new information technology systems, policies, and training.
  • A survey of loan officers found that forty-one percent of loan officers said that the Loan Estimate was “more confusing” than the Good Faith Estimate and initial Truth-In-Lending disclosures replaced by the Loan Estimate; only 29 percent said that the Loan Estimate was “less confusing” than the GFE and initial TIL.  Similarly, 44 percent of loan officers said that the Closing Disclosure was “more confusing” than the HUD-1 and final TIL disclosures replaced by the Closing Disclosure; only 31 percent said that the Closing Disclosure was “less confusing” than the HUD-1 and final TIL.

InfoSight Highlight

In case you missed it, October is Cybersecurity Month! The Security channel has a page dedicated to the FFIEC Cybersecurity Assessment Tool and it’s always available for your use.  A couple of new resource links have also been added:  FTC Consumer Information - OnGuard Online and NCUA Fraud Prevention Center.

Also, the Small Business Administration recently released a new streamlined loan forgiveness application for Paycheck Protection Program borrowers of less than $50,000 after applications for PPP loan forgiveness were opened on Oct. 2. Designed to target small businesses that are still struggling during the pandemic as they near the end of their covered loan period, the application – which has been reduced from 12 pages to 2 — is supposed to make the forgiveness process simpler both for borrowers and lenders. This new application and instructions for completion have been added to the Paycheck Protection Program topic in the COVID-19-Coronavirus Channel.

As always, DAKCU members may contact Amy Kleinschmit with any compliance related questions.




<< Go to Memo List