Comply With Internet Gambling Regs

June 1, 2010

June 1, 2010, is the compliance date for the Unlawful Internet Gambling Enforcement Act (UIGEA) regulations.

Credit union compliance officers might remember that just days before they were scheduled to comply with these requirements in December 2009, the Federal Reserve Board and U.S. Department of Treasury decided to push back the compliance date. No additional delays, however, were on the horizon at press time.

The regulations primarily affect card systems participants and money transfer business operators (“nonexempt participants”). Some participants in automated clearing house (ACH), check collection, and wire transfer systems are exempt from the requirements. The exemptions are complicated, however, and most credit unions are covered to some extent by the requirements.

Card system participants must establish and implement policies and procedures to identify and block, prevent, or prohibit restricted transactions; or rely on and comply with the policies and procedures of the payment system (e.g., Visa regulations).

For the payment systems other than card systems (ACH, wire transfer, check collection), the policy and procedures must focus on the due diligence process of establishing business accounts (so-called “commercial customer” relationships) to ensure the institution isn’t setting up an account for an illegal Internet gambling operation.

Visit the Credit Union National Association’s (CUNA) e-Guide at and select “compliance,” and then “e-Guide.”

BSA/AML Exam Manual Revised

The Federal Financial Institutions Examination Council (FFIEC) issued a revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual.

The new version, which clarifies supervisory expectations since the August 2007 update, draws on comments from the financial services industry and agency examination staff.

Significant updates include:

• A revised section on enterprisewide BSA/AML compliance programs, now titled “BSA/AML Compliance Program Structures.”
• A streamlined and reorganized section on the core examination procedures for assessing the BSA/AML compliance program.
• Guidance for examiners to determine whether a violation is systemic or recurring, as opposed to a technical or isolated violation.
• An updated section on Currency Transaction Reporting (CTR) exemptions to reflect the changes in the regulation and Financial Crimes Enforcement Network (FinCEN) guidance in this area.
• Enhanced discussion of methods to identify, research, and report â?¨suspicious activity.
• Updates to reflect the recent changes to International Automated Clearing House transactions (IAT) and Office of Foreign Assets Control (OFAC) compliance.
• A more in-depth discussion of prepaid cards and remote deposit capture.

To find the manual, go to the FFIEC’s BSA/AML InfoBase. Visit, and select “BSA/AML InfoBase” under “supervisory info.”


Mortgage Fraud Red Flags

FinCEN released new guidance (FIN-2010-A005) to help financial institutions guard against fraud schemes perpetrated against senior citizens who use the Federal Housing Administration’s (FHA) Home Equity Conversion Mortgage (HECM) program—a form of reverse mortgage.

This advisory contains examples of common fraud schemes and potential “red flags” for fraudulent activity related to this program.

To assist law enforcement in targeting this type of fraudulent activity, the advisory also suggests key words for financial institutions to use when completing suspicious activity reports involving fraud related to the HECM program. The guidance is available at

New Privacy Form Builder

The National Credit Union Administration (NCUA) has posted an online form builder credit unions can use to create customized privacy notices.

NCUA and other federal regulators issued a model privacy form credit unions may use to comply with initial and annual privacy notice requirements under the Privacy Act.

There are three versions of the model form available, depending on whether the credit union provides members with an opt-out option and the manner in which members exercise the opt-out (via Internet, telephone, or written request).

The model form will replace the sample clauses that most credit unions are using in their privacy notices today.

Credit unions that decide to use the model form will have satisfied the content requirements for privacy notices and are granted a safe harbor with regard to privacy notice compliance.

Regulators are providing a one-year transition period for institutions currently using the sample clauses.

This period expires on Dec. 31, 2010.

To access the NCUA’s online form builder, visit and select “resources,” then select “resources for consumers,” and then “consumer privacy.”

Training Calendar

 NCUA Requirements and Guidance Webinar: June 2 and June 16.
• Deposit Account Regulations Webinar: June 23 and June 30.
• Pressing Credit Union Compliance Issues audio conference: June 24.
• General Operations Regulations Webinar: July 7 and July 14.
 Regulatory Compliance Fundamentals Seminar: Aug. 14-15.
 Regulatory Compliance Schools (Introduction and Update): Aug. 15-20.
• Regulatory Compliance Update eSchool: Sept. 1- Oct. 13.

Visit, and enter the name of the event in the “event finder.”



Compliance effective dates:

• June 1, 2010: Federal Trade Commission’s enforcement of the Fair and Accurate Credit Transactions (FACT) Act identity theft red flag rules (applicable to state-chartered credit unions; federal credit unions have been subject to these rules since 2008).
• June 1, 2010: Treasury and the Federal Reserve Board’s Unlawful Internet Gambling Enforcement Act (UIGEA) regulations.
July 1, 2010: Regulation E rules restricting overdraft fees for ATM and one-time debit transactions for new accounts (applicable to all credit unions).
• July 1, 2010: Regulation Z’s open-end lending rules (applicable to all credit unions).
• July 1, 2010: FACT Act’s accuracy and direct dispute provisions (applicable to all credit unions).
 Aug. 15, 2010: Regulation E overdraft rules for existing accounts—those established prior to July 1, 2010 (applicable to all credit unions).
• Aug. 22, 2010: Credit Card Accountability, Responsibility, and Disclosure (CARD) Act’s gift card rules and rules on the amount of fees and penalties and interest rate reviews on credit cards.

Visit and select “compliance,” and then “e-Guide.”


Compliance Q&A

Q Can the credit union provide the Regulation E opt-in and confirmation notice in the same mailing?

A No. The confirmation notice is an acknowledgement of the consumer’s affirmative consent to sign up for the credit union’s overdraft service for ATM and one-time debit card transactions. Therefore, a credit union must provide it after receipt of the member’s opt-in. The confirmation notice can be a copy of the member’s completed form (if it includes information regarding the member’s right to revoke consent), or a separate letter acknowledging the member has elected to opt-in to the overdraft service. Also, note the Federal Reserve Board has clarified in a proposal that an institution may not assess any overdraft fees or charges on the consumer’s account until it has sent the written confirmation.

Q To what extent does the Servicemembers Civil Relief Act (SCRA) protect a servicemember’s dependents?

A The SCRA defines “dependent” as the service member’s spouse, child, or an individual for whom the servicemember provided more than one-half of the individual’s support for 180 days immediately preceding an application for relief.

Dependents generally aren’t entitled to receive reduced rates of interest on loans (unless there is a joint obligation with the servicemember), but may seek court protection to prevent foreclosure, repossession, or an out-of-court sale.

CUNA’s newly released edition of “Servicemembers Civil Relief Act: A Compliance Guide,” ensures credit union staff maintain compliance under the law. Visit, and enter 0300 in the product finder.

For more compliance questions and answers, visit, and select “compliance.”