EMV Implementation (Credit Card Security)

EMV stands for Europay, MasterCard and Visa, the developers of global standards for integrated circuit cards (IC cards or “chip cards”). Credit cards that use EMV technology have an embedded microprocessor chip instead of a magnetic stripe. While magnetic stripes store credit card numbers and expiration dates, which can be used to make counterfeit cards, EMV-enabled cards encrypt transaction data differently each time the card is used.

Major credit card companies are pushing merchants and financial institutions to switch to EMV-enabled cards by making them liable for any fraudulent charges if they haven't converted. The liability shift became effective for MasterCard/Visa POS transactions on October 1, 2015 and for MasterCard ATM transactions October 1, 2016. The liability shift for Visa ATM transactions will occur in October 2017. The shift in liability for automatic fuel dispensers for MasterCard/Visa is expected to occur in October 2020.

Currently, Point of Sale (POS) counterfeit fraud liability is held by card issuers. With the liability shift, if a contact chip card is presented to a merchant that has not adopted contact chip terminals, liability for counterfeit fraud will shift to the merchant's acquirer, according to Visa’s website. Visa required U.S. acquirers to support merchant acceptance of chip transactions by April 1, 2013.

Unfortunately, EMV does not protect consumers from "card-not-present transactions" -- those made via the Internet or phone in which the cardholder is not physically present -- because no chip transaction is involved. Additionally, when a merchant terminal and/or point-of-sale system is hacked, an EMV chip still may have provided enough information to be used by criminals online. In countries using EMV technology, fraud is down at stores, but online fraud has increased.

Chip technology comes in two types: contact and contactless. Contact chips include an integrated circuit or chip that communicates information to a point of transaction terminal. Contactless chips employ a radio frequency or infrared technology that allows the terminal to communicate or transact without physically touching the card.

For additional information, click here for the topic.

Review the information today to help your credit union remain in compliance.


Bureau levies $1.75M HMDA penalty

Last week, the CFPB ordered Nationstar Mortgage, a national nonbank mortgage lender, to pay a $1.75 million penalty for HMDA reporting errors. This is the largest HMDA civil penalty imposed by the Bureau to date, and the action stems from Nationstar’s repeated and substantial reporting errors due to its flawed HMDA compliance system.

On three separate data reviews over a three year period, the Bureau found error rates exceeding the applicable resubmission threshold of 10%. Additionally, multiple deficiencies in Nationstar’s compliance mechanisms were found, including:

  • Lack of centralized HMDA data collection and validation procedures;
  • Failing to clearly define employees’ roles and responsibilities for HMDA data collection and reporting;
  • Not performing formal compliance tests, audits, or transaction tests of HMDA data;
  • Allowing inconsistent data definitions among different business lines;
  • Inadequate vendor monitoring; and
  • Not implementing adequate compliance management measures to detect and prevent these deficiencies.

This enforcement action stems from data collected and reported from 2012-2014, but it is important to keep in mind that when the new HMDA rule becomes effective next year, credit unions will be required to collect and report significantly more data points than under the current rule. Now is the time to start ensuring that your internal HMDA compliance management system is accurate and effective, and that your vendors are getting up to speed as well. The Nationstar action shows that this is a hot topic on the CFPB’s radar, and in this new administration they seem to be focusing on enforcement rather than rulemaking, at least for the time being. You can view the full text of the consent order here. Additionally, please refer to CUNA’s HMDA Final Rule Analysis and the HMDA section of the E-guide for more information on the rule.

Source: CFPB and CUNA Blog

OFAC sanctions Kuwait-based terrorist financier

OFAC has announced it has taken action against al-Nusrah Front (ANF) and al-Qa'ida (AQ) facilitator Muhammad Hadi al-'Anizi (al-'Anizi). The Kuwaiti-based terrorist financier is being designated as a Specially Designated Global Terrorist (SDGT) pursuant to Executive Order 13224, which targets terrorists and those providing support to terrorists or acts of terrorism. As a result of today’s action, all property and interests in property of al-'Anizi subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with him.

Source: OFAC

Agencies issue EGRPRA report to Congress

A joint press release has been issued by the member agencies of the FFIEC regarding their delivery to Congress of a joint report detailing their review of rules affecting financial institutions. The review was conducted as part of the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA), which requires the federal banking agencies, along with the FFIEC, to conduct a review of their rules at least every 10 years to identify outdated or unnecessary regulations.

Source: FFIEC


Prepaid Accounts rule delay proposal published

The CFPB's previously announced proposal to delay for six months the effective date of its Prepaid Accounts rule was published in the Federal Register. The 21-day comment period ends on April 5, 2017.

CU growth trends continue

The NCUA Quarterly U.S. Map Review for the fourth quarter 2016 has been posted, and indicates federally insured credit unions saw continued improvement in nearly every category during the fourth quarter of 2016, according to state-level data compiled by the NCUA.

New Mexico Legislature Passes Data Breach Notification and CDFI Bill

After months of advocating with New Mexico lawmakers, the League scored two major victories for credit unions in the state legislature.

The New Mexico legislature unanimously passed a credit union-supported data breach notification bill, The Data Breach Notification Act, H 15. The legislation requires retailers and any other entity that gathers and stores personal information to notify affected parties within 30 days if the entity believes there is a serious risk of identity theft or fraud. The bill is expected to help stop fraud and identity theft.

Businesses that do not comply could be fined up to $150,000. If the measure becomes law, Alabama and South Dakota would be left as the only states without a data breach notification law.

The League also successfully ushered H 342, The Community Development Financial Institution Act, through the New Mexico Legislature. The bill is expected to grow jobs in New Mexico by allowing the State to invest in economically distressed communities through public-private partnerships. In addition to helping to create jobs, the bill would also provide affordable financial services and assist small businesses with seed capital. The bill is in response to growing concern that distressed New Mexico communities need direct support.

The League continues to advocate with the Governor to ensure both bills become law.

Credit Union Bills Pass Legislatures in Georgia and Iowa

Recently, a Georgia League-backed bill, H 143, with multiple pro-credit union provisions to help improve operations and alleviate compliance, has passed the state legislature and is being considered by the Governor. If enacted, the measure would:

  • Create flexibility and enhancements in the audit provisions for smaller credit unions by permitting different forms of audits to be held on a case-by-case basis;
  • Modify the law governing merger votes;
  • Outline that businesses headquartered within the field of membership may be eligible for membership in the same manner as a person;
  • Add "working" to the eligible criteria for field of membership when an individual is working in the approved geographic area;
  • Add whole loans to the permissible items for investment;
  • Improve the law that governs fixed assets and real estate property held by the credit union;
  • Outline the ability of financial institutions to charge a convenience fee;
  • Permit financial institutions to operate on Sundays;
  • Permit the regulator to include third-party providers in its examinations;
  • Streamline the calculation for lending limits; and
  • Increase the age at which a minor can open an account.

In Iowa, the League is supportive of the credit union regulator’s clean-up bill, S 409, which has also passed the state legislature and is being considered by the Governor. With a limited scope, the legislation would:

  • Create a process by which the regulator can share confidential exam information with a third party (like a potential merger partner) and;
  • Permit the regulator to call a meeting of a credit union board unrelated to the examination process.

The Iowa league is also working on a bill that would permit credit unions to credit unions to provide deferral payment programs and an amendment to the bill that will provide regulatory relief by allowing credit union employees and directors access to overdraft protection.

CUNA Advocacy Update

The CUNA Advocacy Update is published at the beginning of every week and keeps you on top of the most important changes in Washington for credit unions--and what CUNA is doing to monitor, analyze, and influence government agencies and federal law. Additional Advocacy efforts may also be found under CUNA’s Removing Barriers blog.

ComplySight: A Complete Compliance Management and Tracking System

What can ComplySight do for your credit union? It is central site that allows your credit union to:

  • review regulations and laws to assess the level of compliance within your own organization;
  • manage regulatory requirements and the associated internal organizational communications;
  • assign and track the activities needed to achieve or maintain compliance; and
  • keep current on regulatory alerts and updates.

Click here to see six more ways ComplySight can help your credit union!

ComplySight Training is Available!

Not sure how to get started, or want a refresher on how to use ComplySight? Or are you interested in seeing more of how ComplySight works? We are excited to make available recorded webinars to help you get the most out of ComplySight! We currently have seven training modules available! The ComplySight training webinars are available at any time, and registration is not required. Click here to start training today!

ComplySight: 30 Day Free Trial!

If you’re interested in a “trial run” of ComplySight, League InfoSight is offering a free, 30-day trial so you can see the benefits first-hand. It's easy to get started. Just visit us online and click on Free Trial Offer.

Compliance eNEWSLETTER

March 24, 2017
Vol. 11, Issue 12

Created in partnership with the

Credit Union National Association

Q4 2016 Overview and Q1 2017 Changes Coming

In this recent video, Glory LeDu reminds us of the regulatory changes that became effective in the 4th quarter of 2016 (which includes the DELAY of the DOL Overtime rules). Glory also provides a review of the changes effective in the 1st Quarter of 2017 including the updates to Member Business Lending and the new requirements for HMDA reporting for 2017. This also includes the updated threshold changes effective on 1/1/2017.

Member Business Lending

This video provides the details you will need to know to comply with the NCUA’s Member Business Lending rules.

April, 2017 May, 2017
  • May 29th, 2017: Memorial Day - Federal Holiday
July, 2017 September, 2017 October, 2017

Regulatory Compliance Training

Cybersecurity – Intrusion threats and vulnerabilities (recorded webinar)


CUNA offers hundreds of online training events that make it easy for you to learn right at your desk. Whether you are looking for a beginner course or want a comprehensive understanding on a specific topic, CUNA webinars, audio conferences and eSchools have what you need. 

Click here for updates on compliance, operations, lending topics and more!