Q. Is the credit union responsible for screening both inbound and outbound international ACH transactions (IATs) to ensure compliance with Office of Foreign Assets Control (OFAC) regulations?
A. In the case of inbound IATs, as the receiving depository financial institution (RDFI), the credit union is responsible for compliance with OFAC sanctions programs. For outbound IATs, the originating depository financial institution (ODFI) can’t rely on OFAC screening by an RDFI outside of the U.S. So the credit union, as the ODFI, must exercise increased diligence to ensure illegal transactions aren’t processed.
Due diligence may include screening the parties to a transaction, reviewing the details of the payment field information for an indication of a sanctions violation, investigating the resulting hits, and blocking or rejecting the transaction, if appropriate, according to the 2014 FFIEC Bank Secrecy Act Anti-Money Laundering Manual.
Q. Does a credit union have to provide a member a change in terms notice before cancelling an ATM card?
A. No. It doesn’t have to provide a change in terms notice when cancelling an ATM card or other access device. Section 1005.8 of Regulation E requires the credit union to send a change in terms notice at least 21 days before the effective date of any change that would be adverse to the consumer (increased fees, increased liability, fewer types of available electronic funds transfers, and stricter limitations on the frequency or dollar amount of transfers). But the staff commentary to the regulation clarifies the 21-day advance notice isn’t required when an institution closes an ATM or cancels an access device (such as an ATM card). From a member relations standpoint, the credit union should provide some type of warning to the member that his or her access device has been or will be cancelled.
Q. Does ESIGN require the credit union to redeliver returned email messages?
A. No. The federal ESIGN statute doesn’t mandate any particular means of electronic delivery or redelivery of disclosures. The credit union must determine how to handle undeliverable email messages. If there are reasonable grounds to believe a member didn’t receive the electronic communication, most credit unions follow-up via postal mail.
Visit CUNA’s compliance blog— “CompBlog”— at cuna.org/compliance. Email firstname.lastname@example.org with questions or ideas for blog posts, and keep the conversation going with your peers on COBWEB, CUNA’s compliance listserv.