CUs Face Compliance Tidal Wave
Compliance solutions help CUs swim instead of sink.
Compliance will cost U.S. financial institutions about $30 billion through 2012, driven by a “tidal wave” of regulatory changes, says Lisa Fraga, vice president of banking and credit union services at Wolters Kluwer Financial Services, citing TowerGroup statistics.
Riding the crest of this wave will be the Dodd-Frank Wall Street Reform and Consumer Protection Act regulations, many of which go into effect July 21, she says. Fortunately, help is available.
Wolters Kluwer Financial Services offers a wide range of compliance solutions, both off-the-shelf and customized. ComplianceOne, the company’s core compliance documentation and workflow solution, helps users meet reporting requirements imposed by today’s alphabet soup of agencies, statutes, and regulations.
Similarly, Symitar’s Episys core system offers both off-the-shelf and customized compliance solutions to meet credit unions’ individual needs.
“Our primary goal is to represent the client’s needs and wishes in what we design,” says Mark Cauley, Symitar’s director of product management.
But even well-established software has undergone significant modifications. “In the past 12 to 18 months,” says Cauley, “we and our credit union clients have had to deal with the positive member contact and response opt-in requirement. Credit unions told us this was the costliest to implement in terms of time.”
Then there were changes to Regulations Z (Truth in Lending) and E (Electronic Fund Transfers), he adds, with often ambivalent or contradictory opinions about what they required. “We had to wait for firm rulings coming at a late date, which created difficulties for both us and our clients. Both regulations were like floodwaters—everybody was trying to keep their heads above them.”
As a result, says Cauley, “compliance has to bubble to the top of the pile of what we and our clients are working on. We have to deliver what the regulatory environment says we should.”
Fraga says that even though many credit unions lack dedicated compliance staff, “they’ll still have to address the effects of new legislation. Credit unions have to think about hiring third-party or in-house help, or outsourcing compliance issues to an expert.”
Cauley offers three tips for dealing with compliance challenges:
1. Plan and budget for more disruptive compliance burdens down the road—“disruptive” meaning issues that take you away from other pressing matters. It’s better to over-budget resources for this, he says. “If the disruption is less than you planned for, you now have unexpected resources to apply to other concerns.”
2. Create an active dialog with regulators and legislators. Let them know you’re not disputing the regulations but need time to absorb and implement them. Doing so in a rush benefits nobody.
3. Increase scrutiny of the technology you invest in. If you’re dealing with a new company, does it have the ability, capacity, and talent to do what you need it to do, especially in an environment where new regulatory requirements are coming non-stop?
This is where vendor due diligence comes into play (“Vendor management made easier”).
Not following that advice can be costly. “The worst-case scenario today is reputational damage if a credit union fails to meet compliance requirements,” says Fraga.
That’s because whereas regulators regulate quietly, and usually don’t publicize sanctions they impose, new laws bring attorneys general into the act, who will file class-action suits. Those suits and their defendants will become publicized, to the detriment of any financial institutions named in them.
“Start planning now for the new regulations to come,” Fraga advises. “Changes to Reg Z will have a similar impact as the Real Estate Settlement Procedures Act did from a software and documentation perspective, and Dodd-Frank will, too. If you don’t have on-site resources and staff, find reputable outside help.”
Vendor Management Made Easier
Credit unions rely heavily on third-party providers. Dealing with vendors—in some cases, scores at a time—raises another compliance issue: Making sure you’re getting what you contracted for.
Vendor management software makes this a straightforward matter, says Michelle Willits, associate manager of new alliances at CUNA Strategic Services (CSS). “While credit unions must do their own due diligence, we give them the tools.”
She cites three CSS resources that help credit unions manage vendor relationships:
1. Staff’s extensive knowledge of the due diligence process it has conducted on providers through the years;
2. Its own vendor management product; and
3. The relationship CSS has with Abound Resources, which gives credit unions a third-party source for expertise when they conduct due diligence on potential vendors.
One crucial element in the credit union-vendor relationship is financial liability, says Julie Esser, director of new alliances at CSS. “Don’t take ‘no’ for an answer when requesting financial information about a vendor, especially if you determine the vendor is critical to your operations. You might have to sign a nondisclosure agreement, but make it clear that getting this information is a requirement for doing business.”
The CSS vendor management program is evolving to allow credit unions to assess and assign criticality levels to relationships. A landscaper, for example, is rated lower than a core processor, Willits explains.
“The software allows a credit union to create a spreadsheet that covers all pertinent concerns about a vendor, such as whether it does background checks on employees who work in sensitive areas,” Willits says.
One common problem is when vendors charge credit unions more or differently for the same services they offer other clients. “Our alliance provider, John M. Floyd & Associates (JMFA), provides a service that determines the fair market value of a vendor’s offering and ensures the services it renders meet the terms of the contract,” says Esser.
The initial assessment is free, and credit unions pay JMFA a percentage of the savings they realize from its negotiation with providers.
Esser advises credit unions to do the following:
• Document everything. “If you saw a red flag and later moved on in the negotiation,” she says, “determine what led to your original concern and what made you later decide it was not a problem. Write it down.”
• Follow your gut instincts if something seems awry. “Either don’t enter the relationship or else look much further,” Esser advises. “Ask, what’s the probability of something going wrong? If it’s high, what will you do if it does? What’s your plan?”
• Never sign any agreements that prohibit your credit union from serving members or meeting their needs following contract termination.
And, of course, check references, Willits adds. “Ask your peers if they’d recommend a vendor.”
Other CSS compliance relationships include:
• Perimeter E-Security. Through its security-as-a-software platform, Perimeter offers comprehensive compliance, security, and messaging services, including hosted e-mail, encrypted e-mail, firewall management and monitoring, vulnerability scanning, and intrusion detection and prevention.
• TraceSecurity, a provider of information technology (IT) security compliance, risk, and audit management solutions. It helps credit unions achieve, maintain, and demonstrate IT security compliance.
• Verafin, which provides Bank Secrecy Act and anti-money laundering compliance and fraud detection software. Verafin’s customer base includes hundreds of financial institutions spanning a broad range of asset sizes.
• CUNA Strategic Services, Madison, Wis.
CUNA Strategic Services alliance providers:
1. Abound Resources, Austin, Texas: 512-231-1750
2. John M. Floyd & Associates, Baytown, Texas: 800-809-2307
3. Perimeter E-Security, Milford, Conn.: 800-234-2175
4. TraceSecurity, Baton Rouge, La.: 877-275-3009
5. Verafin, St. John’s, Newfoundland: 877-368-9986