NCUA Advertising Signage Requirements

The credit union will follow the NCUA advertising rules in all its advertisements. All credit union advertisements or promotions will include either the NCUA’s official advertisement sign or an abbreviated statement.

NCUA Advertising Statement

The credit union can choose either of the following options to comply with this Regulation:

  1. Statement:This Credit Union is federally-insured by the National Credit Union Administration.
  2. Short Statement (no longer requires accompanying “official sign”):Federally Insured by NCUA”; or
  3. The Official Sign: (note: if the NCUA official sign in the advertisement is so small that the NCUA’s sign and the two lines of small type become indistinct, the credit union should use the NCUA official advertising statement, or the short statement instead.)

For additional information, click here for the topic.

Review the information today to help your credit union remain in compliance.


Court Affirms FTC Authority on Cybersecurity Issues

(8/26/15) A Third Circuit U.S. Court of Appeals panel of judges ruled Aug. 24 that the FTC could proceed with its lawsuit against hotel chain Wyndham Worldwide Corp. The suit claims the company violated the FTC Act's unfair business practice provisions when it took inadequate security measures to protect consumer data. As a result, the FTC claims, Wyndham had data breaches that between 2008 and 2009 exposed more than 619,000 payment cards and other consumer information.

Legal experts says the court's decision essentially affirms the FTC's right to oversee and fine U.S. companies for cybersecurity missteps that result in the compromise of personal information and payment.

Based on the court's decision, "it is even clearer that the FTC is the leading agency in the U.S. for data breach matters," says cybersecurity attorney Chris Pierson, who serves as chief security officer of payments provider Viewpost. "Challenging the FTC's authority to regulate unfair/deceptive acts and practices is unlikely to be fruitful in court. The Wyndham case is a seminal case for the FTC for the proposition that the FTC has the power and ability to oversee cybersecurity breach issues as the nation's default regulator."

In a research note, threat-intelligence firm iSight Partners says the ruling reinforces the FTC's authority to punish organizations that fail to take adequate steps to ensure user security. "This creates additional financial risk for enterprises that elect not to make cybersecurity a priority, theoretically pushing organizations to enact effective security policies," according to the research note. "The FTC has provided some resources and guidelines for cybersecurity, and may seek to establish a structure or system for issuing fines in the future."

Other FTC Actions

In addition to its ongoing case against Wyndham, a final FTC ruling is pending in its longstanding breach-related cybersecurity case against medical testing company LabMD. And in July, the FTC charged ID theft protection firm LifeLock with deception, claiming the company violated a 2010 settlement with the commission and 35 state attorneys general by continuing to make deceptive claims about its ID theft protection services and failing to take steps to protect users' data.

Privacy attorney Kirk Nahra of the law firm Wiley Rein says the Wyndham ruling could hurt LabMD's case, because the court has now made it clear that the FTC does have the authority to regulate cybersecurity. LabMD has argued, in part, that the FTC does not have jurisdiction.

What the Wyndham case does not make clear, however, is whether the FTC can fine and sue breached businesses that are regulated by other agencies, Nahra adds. "The Wyndham case doesn't address that issue at all, and I can't even try to guess how a court would [rule] based on the Wyndham decision," he says.

Attorney Adam Greene, a partner at law firm Davis Wright and Tremaine in Washington, says the Wyndham ruling leaves many questions about how the FTC will regulate cybersecurity going forward. "The ruling means that entities will need to read the FTC tea leaves to best discern what is 'reasonable' security, as the court did not hold that the FTC has to set forth more specific standards," he says.

And Matt Franko, a senior management consultant at forensics and security assessment firm SecureState, contends that giving more government agencies authority to oversee corporate cybersecurity, as the Wyndham ruling does, won't be good for business.

"The government seems to be allowing all industries to govern themselves, until they prove they cannot get their own houses in order," Franko says. "Now they're stepping in, with the courts' help, and levying fines and lawsuits in attempt to rectify the situation."  For additional information, please see this article.

Source:  CU Info Security

12 Red Flags for "Funnel Accounts" Used to Launder Money

Regulatory and law enforcement agencies are cautioning financial institutions about an increased use of illegal funnel accounts to launder proceeds from human smuggling, human trafficking and drug trafficking crimes. In light of the recent attention on this money laundering trend, I thought it would be useful to provide a brief overview of funnel accounts and how they are used to launder criminal proceeds.

What is a "funnel account"?

A funnel account (sometimes referred to as an interstate funnel account) is a method used to launder money that exploits branch networks of financial institutions. It involves illegal funds deposited into an account at one geographic location that gives criminals immediate access to the money via withdrawals in a different geographic location. The transaction amounts are kept under the AML reporting requirements in an attempt to avoid detection.

How Criminal Enterprises Use Funnel Accounts

Funnel accounts are opened by criminal organizations in the geographic area where the funds will be withdrawn, often locations along the southwest border of the U.S. The criminal organization provides the account number to co-conspirators around the U.S. who make cash deposits into the account from various geographic locations. The illicit funds are then immediately available for withdrawal by the criminal organization in the state in which the account was opened.

Alien smuggling organizations (ASOs) often use funnel accounts to receive illicit proceeds from U.S. based family members of foreign nationals living in Mexico and Central America who pay “coyotes” to smuggle their relatives into the United States across the southwest border. Deposits into funnel accounts can occur anywhere in the U.S. since individuals making payments to smuggling organizations can live in any part of the country.

Red Flags Indicators for Funnel Accounts

U.S. Immigration and Customs Enforcement (ICE) recently featured the topic of funnel accounts in their publication Cornerstone Report and provided the red flags listed below as potential indicators of this type of money laundering scheme.

  1. Account(s) with multiple deposits which are shortly transferred to other accounts
  2. Accounts with high aggregate dollar deposit activity but with low account balances
  3. Accounts with deposits from multiple, different individuals or companies
  4. Accounts with multiple deposits from multiple locations outside the banking area
  5. Accounts with multiple deposits from multiple sources (e.g., cash, ATM deposits, checks, wire transfers, etc.)
  6. Accounts opened in the U.S., by individuals temporarily within the U.S. who are bearing immigration identity documents (such as border crossing cards), then used to wire transfer funds back to Mexico
  7. Deposits are immediately (or within 1 to 2 days) withdrawn or wired from the account
  8. Accounts with an unusually high number of charge-backs
  9. Financial activity not commensurate with stated business or occupation of the depositing individual
  10. Anonymous cash deposits made in destination states [interior states] followed by rapid cash withdrawals made in source states [border states]
  11. Abrupt change in account activity
  12. Branch-shopping at various financial institutions to disguise nexus of the deposited funds with movements across the U.S. international borders.

Financial institutions would be well advised to incorporate these red flag indicators into their suspicious activity detection initiatives.

Source: Verifin

FTC Consumer Privacy Conference announced

The Federal Trade Commission has announced it will host PrivacyCon, a conference examining cutting-edge research and trends in protecting consumer privacy and security, in Washington, DC on January 14, 2016. The event is the first of its kind and will bring together leading stakeholders, including whitehat researchers, academics, industry representatives, federal policymakers, consumer advocates and others. A PrivacyCon website has been established and more information will be posted at a later date.

Source FTC

Register for OFAC symposium

OFAC has opened the registration for its 2015 Fall Symposium to be held September 22 from 8 a.m. to 4 p.m. ET in Washington, D.C. Note that online registration does not automatically confirm attendance. A separate email will be sent containing registration status. Travel arrangements should not be made until a confirmation email is received.

Source: OFAC

Providing Sensitive Credit Union and Member Data to NCUA

ALEXANDRIA, Va. (8/27/15)--Recently updated examination procedures from the National Credit Union Administration are intended to strengthen safeguards for data received electronically during an examination.

The changes, detailed in a letter sent to credit union CEOs last week, are based on recommendations the NCUA’s Office of the Inspector General made in June.

The NCUA defines “sensitive data” as: information which by itself, or in combination with other information, could be used to cause harm to a credit union, credit union member or any other party external to the NCUA; and any information concerning a person or their account which is not public information, including any non-public personally identifiable information.

“In order to ensure sensitive electronic credit union and member data is well protected, the data held by NCUA needs to be encrypted,” reads the letter, signed by Larry Fazio, director of the NCUA’s Office of Examination and Insurance. “The process of exchanging this data between credit unions and examiners also needs to be secure and well controlled.”

Effective immediately, NCUA examiners may only accept sensitive data electronically through:

Secure electronic transmission or transfer by removable media, including encryption. The data files or the electronic transmission conveying the files must be encrypted. Encryption must have 128-bit encryption and the use of a strong password (minimum eight characters, mixture of upper- and lowercase letters, numerals and special characters). The password must be provided separately from the device or transmission; and

In-person transfer by removable media not including encryption. If a credit union is unable or unwilling to provide data as mandated in the previous option, it may accept data if a credit union representative provides the data files to the examiner and remains physically present while the examiner transfers the data to the NCUA’s encrypted equipment.

“The above protocols reflect the initial steps NCUA is taking to strengthen the safeguards for sensitive data received electronically from a credit union during an examination,” the letter reads. “NCUA is in the process of acquiring a secure file transfer solution (such as an online portal) to facilitate examiner staff and credit unions securely and efficiently exchanging information.”

Fazio added that agency aims to have such a solution in place early in 2016.

Source: NCUA


CU Advocacy This Week

The Federal Trade Commission has extended the deadline for public comment on the proposed verifiable parental consent method that Riyo, Inc., has submitted for Commission approval under the agency’s Children’s Online Privacy Protection Rule.

The deadline for comments has been extended from the original date of Sept. 3 to Sept. 14, 2015.  Information for submitted comments is found in the Federal Register notice at the link below.

From the original notification on July 31, 2015:  The Federal Trade Commission is seeking public comment on a proposed verifiable parental consent method that Riyo has submitted for Commission approval under the agency’s Children’s Online Privacy Protection Rule.

Under the rule, online sites and services directed at children must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval.

In a Federal Register notice to be published shortly, the FTC is seeking public comment about the proposed Riyo verifiable parental consent method including whether the proposed method is already covered by existing methods under the rule and whether it meets the rule’s requirement that it be reasonably calculated to ensure that the person providing the consent is actually the child’s parent. The Commission also seeks comment on whether the program poses a risk to consumers’ information and whether that risk is outweighed by the benefits of the program.

Source:  FTC

Regulatory Advocacy Report – now CUNA Advocacy Update

The Regulatory Advocacy Report is now combined with CUNA’s Legislative Update into a comprehensive CUNA Advocacy Update.  The new Advocacy Update is published at the beginning of every week, is accessible here and keeps you on top of the most important changes in Washington for credit unions--and what CUNA is doing to monitor, analyze, and influence government agencies and federal law.

Prior CUNA Regulatory Advocacy Reports have been archived and are available here

FREE Webinars on ComplySight, the League's latest compliance resource

Registration is now open for your front row seat to learn about ComplySight, the league's newest addition to your compliance toolbox. If you're looking for a solution to the compliance tidal wave, this system is for you! (Please register at least 15 minutes prior to the start of the webinar to allow for login information to be sent.)

Introduction to ComplySight

Designed to introduce and show the many features and benefits of ComplySight.

Introduction to ComplySight
9/09/15 11:30 am ET
9/17/15 3:30 pm ET
9/24/15 11:30 am ET

ComplySight Training & Tips:

An opportunity to review specific ComplySight topics in detail. Topics change so that users can continue to learn additional ComplySight functionality.

ComplySight Training & Tips
9/15/15 3:30 pm ET
9/30/15 11:30 am ET

Reports in ComplySight: 
New Webinar!

What reports are available and how do they work?

Reports in ComplySight
9/22/15 3:30 pm ET


Compliance eNEWSLETTER

September 4, 2015
Vol. 9, Issue 35

Created in partnership with the

Credit Union National Association

CU Compliance Connection – Promoting a Culture of Compliance

In this video for Compliance Connection, Compliance Consultant Amy Wargo details how to set up a culture of compliance at your credit union. 

View the CUBE TV video here.

September, 2015 October, 2015 November, 2015
  • November 1st, 2015: Daylight Savings Time Ends
  • November 11th, 2015: Veterans' Day - Federal Holiday
  • November 26th, 2015: Thanksgiving Day - Federal Holiday
December, 2015 January, 2016


CUNA offers hundreds of online training events that make it easy for you to learn right at your desk. Click here for updates on compliance, operations, lending topics and more!

Introduction to Financial Management Analysis and Problem Solving webinar 9/10/2015

Custom Construction Lending - Technical Stuff, Best Practices and Red Flags webinar 9/10/2015

Money Mission Demo - Online Financial Literacy Game webinar 09/14/2015

Balance Sheet Earnings webinar 9/17/2015

Introduction to Investments webinar 9/24/2015

Loan and Deposit Pricing webinar 10/1/2015

ACH Origination webinar series 10/13/2015

Forecasting and Budgeting Approaches webinar 10/8/2015

ACH Origination webinar series 10/13/2015

Determining Loan Losses and Strategic Decisions webinar 10/15/2015

CUNA Financial Management eSchool - Part 2 10/22/2015

Advanced Financial Ratios webinar 10/22/2015

Advanced Asset-Liability Management webinar 10/29/2015

Advanced Financial Management Analysis and Problem Solving webinar 11/5/2015

Balance Sheet Earnings webinar 11/12/2015

Identify Interest Rate and Market Risks webinar 11/19/2015

Liquidity and Funding Risk webinar 12/3/2015

Money Mission Demo - Online Financial Literacy Game webinar (12-07-2015)

Forecasting and Strategically Planning for Long-Term Growth webinar 12/10/2015

Managing Credit Risk webinar 12/17/2015