Compliance Q&A: Suspicious Activity Reports
What is the difference between an “unauthorized electronic intrusion” and an “account takeover?"
Q: What is the difference between an “unauthorized electronic intrusion” and an “account takeover” for purposes of completing a Suspicious Activity Report (SAR)?
A: An “unauthorized electronic intrusion” occurs when a cyberthief gains access to a credit union’s computer system to:
- Remove, steal, procure, or otherwise affect funds of the credit union or its members;
- Remove, steal, procure, or otherwise affect critical information of the credit union, including member account information; and/or
- Damage, disable, or otherwise affect critical systems of the credit union.
An “account takeover” primarily targets the member’s account, rather than the financial institution maintaining the account. Ultimately, the fraudster aims to remove, steal, procure, or otherwise affect funds of the targeted member.
Q: When must credit unions provide the new Closing Disclosure under the Truth in Lending Act–Real Estate Settlement Procedures Act (TILA-RESPA) final rule?
A: The TILA-RESPA final rule, which becomes effective Aug. 1, 2015, creates two new forms—the Loan Estimate and the Closing Disclosure. The Closing Disclosure replaces the existing HUD-1 form and the TILA/Regulation Z final loan disclosures. Generally, creditors must provide the Closing Disclosure to borrowers no later than three business days prior to loan consummation.
Visit CUNA’s compliance blog—“CompBlog”— at cuna.org/compliance. E-mail email@example.com with questions or ideas for blog posts, and keep the conversation going with your peers on COBWEB, CUNA’s compliance listserv.