New Threats Require a New Approach to Risk Management
Of all the risks your CU faces, the greatest is board complacency.
The evolving world of financial services is creating unprecedented risk management challenges. These challenges come in many shapes and sizes—new forms of fraud and litigation, increased regulatory compliance burdens, directors’ growing fiduciary responsibilities, ongoing corporate stabilization assessments, and reductions in once- stable forms of fee income.
The credit union movement, however, has a history of finding opportunities in the midst of challenging times. And there’s every reason to believe credit unions will continue that legacy despite the difficult road ahead.
One litigation trend that’s certain to continue is the tendency for plaintiffs’ attorneys to pursue “deep pockets” in search of a quick and easy payday.
The latest litigation trend involves lawsuits from noncardholders alleging missing or inadequate ATM fee signage. CUNA Mutual Group issued more indemnity claim payments in 2011 related to these types of allegations than in any previous year.
There were 90 class-action lawsuits filed against credit unions from May 1, 2010, to December 31, 2011, and 60 new Electronic Funds Transfer Act class-action suits for alleged ATM fee signage violations, CUNA Mutual reports.
Regulation E requires financial institutions to post notices of fees that may be charged to ATM users. Every terminal must provide the option to discontinue the transaction to avoid incurring the fee, as well as disclose the fee on every transaction receipt.
All of your credit union-owned ATMs must contain adequate notices that comply with Reg E. And make sure your credit union’s ATMs are regularly inspected and documented for appropriate fee signage when they’re serviced or replenished with cash (“Beware ATM fee disclosure lawsuits”).
When credit unions use a third-party vendor to service ATMs, consider these service arrangements when developing or revising your compliance oversight program.
There is also an increase in the number of lawsuits against credit unions alleging patent infringements. In almost all cases, the credit union was unaware of the alleged patent infringement because it used a third-party vendor to provide the product or service involved.
Several credit unions were also notified by plaintiff law firms that the secure communication feature offered in conjunction with their online banking service violated a patent held by their client.
The notice contained details of the filed patent and further explained that without the appropriate license agreement and fee, the credit union is considered to be infringing on the patent.
In a separate matter, several credit unions were accused of violating a patent held on the technology used to create customizable credit and debit cards. This allegation involved credit unions that allow members to insert a customized logo or personal photograph on their plastic cards.
In both of these instances, credit unions enlisted third-party vendors and service agreements to provide these products and services.
Credit unions should always have their legal counsel review service agreements to ensure that, among other things, they’ll be held harmless for any unintentional violations of registered U.S. patents if they use the applicable agreement.
Credit union vendors should provide assurance that these types of matters have been resolved before the credit union signs the service agreement.
Lender liability losses continue to rise due in part to the residual fallout of the subprime and liquidity crisis of 2008. There has been a significant increase in claims including wrongful repossession, wrongful foreclosure, and violation of the U.S Bankruptcy Code.
The number of lender liability claims grew 18% from 2010 to 2011, and total paid losses for these claims jumped 26% during this time, CUNA Mutual reports.
CUNA Mutual saw a record number of claims filed in 2010 and 2011 resulting from the issuance of Uniform Commercial Code (UCC) post-repossession documents that didn’t comply with the notice of intent to sell. The UCC governs repossession documents and requires specific language, disclosures, and properly executed documents.
Collection staff must complete these documents properly and send them to members after secured collateral has been repossessed but before the sale of the collateral. Unintentional violation of any steps involved in this process can lead to potential class-action lawsuits against the credit union.
Be aware that certain UCC provisions can vary among states. So make sure your legal counsel reviews and approves member-facing repossession documents.
One final area of emerging litigation relates to employment practice liability. Wage and hour litigation has been rising steadily for the past 12 to 18 months.
These allegations stem from credit unions not following state labor laws, such as mandated employee breaks or allowing nonexempt staff to continue working after they’ve clocked out and are no longer being compensated.
Again, this has resulted in costly class-action litigation that can easily be avoided with adequate personnel controls and oversight.
While these might appear to be minor infractions of labor law, verdicts and damage awards tell a different story.
Next: Board oversight
Credit unions face no greater risk than complacency or lack of oversight by their boards of directors. Many failed credit unions over the past few years serve as a reminder of the importance of board-level risk oversight and corporate governance.
A truly effective risk oversight program begins with your strategic planning process. As your board of directors and senior management team begin the strategic planning process, consider how your strategic plan will align with your risk tolerance.
The five basic elements of a risk oversight program include:
- Identifying and defining your strategic objectives, such as growing membership by a certain percentage, increasing return on assets, implementing new loan programs, or diversifying your loan portfolio.
- Identifying the initiatives that will contribute to your credit union’s strategic objectives, such as new product or service offerings, additional branches, expense reduction, or new sources of noninterest income.
- Identifying the risks that threaten each of your initiatives, such as data breaches, fraud, credit risk, or reputation risk.
- Developing a viable risk-mitigation technique that will manage exposure in accordance with your predetermined risk tolerance.
- Recording and reporting the progress of each initiative and risk-mitigation technique to your board.
Ideally, these steps should be monitored and reported to your board on a regular basis. The effectiveness of your credit union’s risk oversight program depends largely on the board’s understanding of risks and risk-mitigation strategies.
Without adequate knowledge and resources to identify, measure, and manage threats, it’s nearly impossible to take a calculated approach to balancing risk with reward.
A comprehensive risk oversight program should be flexible, containing “safety valves” to manage risk and preserve your credit union’s ability to change course based on a wide variety of uncertainties.
Boards need a high level of regular engagement in these discussions. They should incorporate financial literacy into risk oversight as part of their overall fiduciary responsibility.
In the future, exciting prospects and new challenges will require your credit union to adjust its approach to managing risk.
Litigation threats are coming from all directions, but an informed and proactive stance to these emerging trends can be your best defense.
Fines, penalties, and judgments are bad enough, but irreversible damage to your credit union’s reputation could be the ultimate price of noncompliance with important consumer protections and labor laws.
Credit unions have fared well through the recession and are well positioned to ride the wave of economic recovery.
A sharp focus on emerging opportunities and a steadfast commitment to member service-along with proper risk management-will guide your credit union through turbulent times, distinguishing it as a trusted leader in the financial services industry.
BRAD MUNDINE is senior manager, Credit Union Protection Risk Management, for CUNA Mutual Group. Contact him at 800-356-2644, ext. 5100.
Mortgage SARs on the Rise
The number of mortgage fraud suspicious activity reports (SAR) reached 19,934 during third-quarter 2011, up from 16,567 during the same period in 2010, according to the Financial Crimes Enforcement Network (FINCEN).
The most common types of suspicious activities involved loan workout or debt elimination attempts, questionable loan modification attempts by those targeting distressed homeowners, and Social Security number discrepancies.
Almost 62% of SAR filings reported in third-quarter 2011 involved suspicious activities that started four or more years ago, FINCEN reports, stemming from mortgages made at the height of the lending boom.
Mortgage fraud SAR filings have skyrocketed over the years, from 6,936 in fiscal year 2003 to 93,508 in fiscal year 2011, reports the FBI.