CUNA Compliance Blog: Questions about BSA, counterfeit currency and more
Friday, December 07, 2012
CUNA Compliance Blog reviews questions about BSA, FCRA, counterfeit currency, non-interest bearing transaction account insurance and call report change for delinquency reporting.
Here are a few of the questions posed to CUNA compliance staff in November 2012.
Skip down to:
FCRA | counterfeit currency | non-interest bearing transaction account insurance |
call report changes
Q. We have to appoint a new BSA compliance officer. Can our BSA policy just state that the Board appointed a compliance officer on a specific date, or does regulation require us to list who that person is?
A. According to NCUA, the specific name (i.e., Jane Smith) is not required to be included in the policy itself, a title is enough. However, the board minutes should reflect the current person by name, who has been designated as the BSA compliance officer.
Q: In terms of BSA’s Customer Identification Program (CIP), does the original information obtained during account opening have to be retained or can the credit union satisfy the recordkeeping requirement by just keeping updated information about the member, for example, the member’s current address?
A: The CIP rule requires that a credit union retain the identifying information obtained about the member at the time of account opening for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant. According to FinCEN, updated information serves valuable, but different purposes to the credit union.
Q: What should we do if the credit union receives a civil subpoena for a SAR we filed on one of our members? I know we can only disclose SAR information to authorized government authorities, but this request is for the production of documents in a civil proceeding.
A: Call FinCEN! FinCEN issued an advisory (FIN-2012-A002) in March to remind financial institutions, "and their current and former directors, officers, employees, agents, and contractors,” that they are prohibited from disclosing suspicious activity reports (SARs), or any information that would reveal the existence of a SAR.
Why the warning? An increasing number of private parties, who are not authorized to know of the existence of filed SARs, have been seeking SARs from financial institutions for use in civil litigation and other matters. So, credit unions need to be vigilant in maintaining the confidentiality of SARs.
What are the consequences for failing to maintain SAR confidentiality?
- Civil penalties of up to $100,000 for each violation;
- Criminal penalties of up to $250,000 and/or imprisonment not to exceed five years; and/or
- Civil money penalties resulting from anti-money laundering program deficiencies (i.e., internal controls, training, etc.) that led to the SAR disclosure. Such penalties could be up to $25,000 per day for each day the violation continues.
Credit unions should contact FinCEN if they receive a subpoena or other request for a SAR from anyone other than an authorized government authority (e.g., law enforcement agencies, credit union’s regulator); or if the credit union becomes aware of an unauthorized disclosure of a SAR.
Q: Does the Fair Credit Reporting Act ever apply to commercial transactions?
A: The Fair Credit Reporting Act (FCRA) is a consumer protection statute, so you might think that it never applies to commercial transactions. But the real answer is: it depends of the circumstances, according to FCRA interpretations issued by the Federal Trade Commission (FTC).
The FTC played a key role in the implementation, interpretation and enforcement of the FCRA since the Act’s initial passage in 1970. So, although the CFPB now has primary responsibility for FCRA implementation, the agency will basically continue where the FTC left off.
And, here’s where the FTC stood on the issue of commercial transactions & the FCRA.
"Permissible Purposes” of Consumer Reports
There is no permissible purpose to obtain a "consumer report” on a consumer (i.e., individual) for the purpose of extending credit to a commercial entity. So, in order to have a permissible purpose, the transaction must involve the "extension of credit to a consumer” or a business transaction "initiated by a consumer.”
In other words, you’ll have a permissible purpose to pull a consumer report for business credit under the FCRA only if the business owner (individual proprietor, guarantor, etc.) will be personally liable for the debt.
What about the catchall "written authorization” when no other permissible purpose exists? I don’t think that works either, because again you’re pulling the report "in accordance with the written instructions of the consumer to whom it relates.” [FCRA, Sec. 604(a)(2)]
Consumer Reports versus Commercial Credit Reports
A report that concerns the member’s business history (as opposed to personal credit or employment history) that is collected and provided by a commercial reporting service solely for use in business transactions is not a "consumer report” under the FCRA. So, the FCRA wouldn’t apply if you’re obtaining these types of reports in connection with a commercial transaction.
However, the FCRA will apply when the credit union pulls a "consumer report” on an individual consumer. Remember, a consumer report is furnished by a consumer reporting agency (CRA) and bears on one or more consumer characteristics (e.g., credit standing).
As the FTC explains: "a report from a CRA on the personal credit of a consumer to a business credit grantor is a ‘consumer report’ regardless of the purpose for which the information may in fact be used. Reports obtained from CRAs on consumers retain their character as ‘consumer reports’ even if they are subsequently furnished in connection with a commercial credit or insurance transaction.”
Bottom line: the FCRA applies whenever you pull a consumer report.
Q: Is there any guidance available on how a credit union should handle suspected counterfeit currency? Specifically, are we allowed to confiscate it - even when the member insists that we return it?
A: The U.S. Secret Service provides this guidance. If you receive counterfeit currency:
- Do not return it to the passer.
- Delay the passer if possible.
- Observe the passer's description, as well as that of any companions, and the license plate numbers of any vehicles used.
- Contact your local police department or United States Secret Service field office. These numbers can be found on the inside front page of your local telephone directory.
- Write your initials and the date in the white border areas of the suspect note.
- Limit the handling of the note. Carefully place it in a protective covering, such as an envelope.
- Surrender the note or coin only to a properly identified police officer or a U.S. Secret Service special agent.
Non-Interest Bearing Transaction Account Insurance
Q: I have read that the temporary unlimited insurance on our non-interest bearing transaction accounts will be expiring on December 31, 2012. I see that the FDIC has issued guidance for banks. Has NCUA issued any guidance on how credit unions are required to notify members about this?
A: The Dodd-Frank Act provides temporary unlimited deposit insurance coverage for noninterest-bearing transaction accounts from December 31, 2010 through December 31, 2012. Beginning January 1, 2013, noninterest-bearing transaction accounts will be added to any of the member’s other accounts, in the applicable ownership category, and insured up to $250,000. The Dodd-Frank Act imposes no specific notice requirements.
At this time NCUA has not issued guidance similar to the FDIC Financial Institution Letter. However, CUNA has brought this up to the agency and we believe it is likely we will see something soon.
There is currently a push by the community bankers to get this program extended. CUNA’s legislative thrust is to try to pair the bankers’ interest in extending this expanded federal insurance program with credit unions’ interest in increasing the member business loan cap.
Call Report Changes
Q: NCUA Letter to Credit Unions 12-CU-12: Changes Planned for Upcoming Call Reports states that, effective with the June 2013 Call Report Cycle, the delinquency categories will be changed from months to days. One of the new delinquency categories listed in the letter is "1-59 days.” Is this is typo, or will credit unions really need to report delinquencies of less than one month?
A: NCUA has assured CUNA that this was just a typo. The online version of the letter has been corrected and now reads "30-59 days,” i.e., no reporting of delinquencies of less than 30 days.
June 2013 Call Report Cycle
Effective June 2013, we are revising the delinquent loan schedules on pages 7 and 8.
Specifically, we clarified reporting requirements by changing delinquency categories from "months” to "days.”
|Current Categories||June 2013 Delinquency Categories|
|1 to <2 months||30-59 days|
|2 to <6 months||60-179 days|
|6 to <12 months||180-359 days|
|12 months and over > ||360 days|