Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

October 30, 2014

NEW: Home Depot breach cost CUs nearly $60M

WASHINGTON (10/30/14, UPDATED 11:00 a.m. ET)--The data security breach at Home Depot stores in September cost credit unions nearly $60 million to reissue cards, deal with fraud and cover other costs, according to the results of a new survey of credit unions, released today by the Credit Union National Association.

The Home Depot breach was reported on Sept. 18.

The CUNA survey, which asked credit unions to report the effects of the Home Depot breach, found that 7.2 million credit union debit and credit cards were affected. The survey shows that the cost per card reissued by credit unions was $8.02, which included costs for reissuing, as well as fraud and other costs such as additional staffing, member notification, account monitoring and others).

Conducted from Oct. 1 to Oct. 24, the CUNA survey is the second this year by the nation's largest trade group for credit unions to gauge the impact of data breaches on credit unions.

In January, CUNA conducted a similar survey in the wake of the massive information leak at Target stores in December. That survey found that the Target breach cost credit unions nearly $30 million. The Home Depot breach costs--at $57.4 million nearly twice as much as the Target breach--affected more credit union debit and credit cards and the cost per affected card was considerably higher than even in the Target breach.

Further, the most recent CUNA survey found that, to date, credit unions have not been reimbursed for the costs they incurred as a result of the Target breach. 

"The cost to credit unions of data breaches--which seem to be occurring with increasing regularity--is rising, as the CUNA surveys clearly demonstrate," said CUNA President/CEO Jim Nussle. "The bottom line is that credit union members end up paying the costs--despite the fact that the credit unions they own had nothing to do with causing the breach in the first place."

Nussle added that all participants in the payment process have a shared responsibility to protect consumer data. "However, the law and the incentive structure today allow merchants to abdicate that responsibility, making consumers vulnerable," Nussle said.

"Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others.

"Congress must act to protect consumers by taking steps to enhance data security standards for merchants," the credit union leader said.

CUNA Chief Economist Bill Hampel, who conducted the survey, said the results show that more than four in every five (80.1%) of credit unions affected by the breach have reissued or will reissue all affected cards. Nearly one in five (18.5%) will reissue or have selectively reissued cards in response to member requests or other factors. The remainder (1.4%) do not plan to reissue any cards.

"Card reissuance is an expensive proposition, representing about a quarter of the total costs to credit unions of these breaches," Hampel, who is also CUNA chief policy officer, said. "But our latest survey found that fraud is the most expensive component of costs, amounting to $4.89 for each card, or 60% of the total costs."

Credit unions responding to the survey (835 total) have issued a total of 20.1 million cards outstanding, comprised of 14.9 million debit cards and 5.2 million credit cards. The total represents 28.2% of the 53 million debit cards issued by credit unions, 32.5% of the 16 million credit cards outstanding, and 29.2% of the total of 69 million cards outstanding.

Click here to see a "Preliminary Results" sheet for additional information. ReadMore

Other Resources

Post QE, Fed concerns still linger, says CUNA's Schenk

WASHINGTON (10/30/14)--Given that the Federal Open Market Committee (FOMC) said in the middle of 2013 that it was planning to retire its asset-purchase program, it was no surprise Wednesday when, at the conclusion of its two-day monetary policy meeting, the FOMC announced the program's official end.

Therefore, neither the announcement nor the actual termination of the quantitative easing program should have an effect on markets or the economy, according to Mike Schenk, vice president of economic and statistics for the Credit Union National Association.

"The fact that the economy has been growing and labor markets have been improving over most of the wind-down period is a good sign," Schenk told News Now.

But with the bond-buying program now a thing of the past, the Federal Reserve's monetary-policy making body must turn its attention to the short-term interest rates that it has kept near 0% for the past few years to help stimulate the economy.

As the FOMC said in its policy statement that it does not anticipate it will raise short-term rates for a "considerable time" after the end of the purchase program, and potentially not even for some time after inflation and unemployment reach levels that align with the committee's longer-run goals, it seems there's concern among the Fed about the prospects for the economy.  

"The breadth of labor market recovery is not what the Fed would like it to be," Schenk said. "Wage gains have been fairly weak, and the housing market is recovering, but not robustly. That in addition to a weak Eurozone and obvious geopolitical uncertainties.

"With this as a backdrop, it's not surprising the Fed also stated its intention to keep its short-term interest rate target near zero for an extended period," Schenk said. "The Fed funds futures market reflects expectations of a first Fed move at a July 2015 FOMC meeting.

"In the meantime we expect labor and housing markets to continue to improve, and that should translate into continued high loan demand at credit unions in the coming months." ReadMore

Other Resources

CUNA urges CFPB to use all authority to exempt CUs from HMDA provisions

WASHINGTON (10/30/14)--Changes by the Consumer Financial Protection Bureau to Home Mortgage Disclosure Act (HMDA) rules would be yet another layer of expense and burden on credit unions already struggling to meet a suffocating overall compliance burden, the Credit Union National Association warns in its most recent comment letter.
CUNA urges the CFPB to use a surgeon's precision in meeting Dodd-Frank Act requirements to change HMDA--and go no further than the act mandates. CUNA also charged the CFPB with doing all it can to exempt credit unions from as many provisions of the proposal as is permissible.
The CFPB unveiled HMDA revisions in July--changes it said are intended to improve the information reported about the residential mortgage market under HMDA.
The proposal also is meant to simplify the reporting process for credit unions and other financial institutions. However, by the CFPB's own estimates, the changes would represent a compliance burden of 4.7 million hours annually for all regulated entities required to report under HMDA.
CUNA strongly urges the bureau to increase a proposed threshold that would exempt a depository institution from reporting HMDA data if it originates fewer than 25 closed-end mortgage loans in the year--which would include closed-end, reverse mortgages.
"As a practical matter, very few credit unions involved in mortgage lending originate less than 25 covered loans, so the relief contemplated by the proposal would likely be very small, if at all," CUNA writes.
CUNA urges the bureau to increase the exemption threshold to 500 loans to more appropriately exempt smaller financial institutions that have no track record of discriminatory lending--or redlining--or fair-lending violations.
In its letter, CUNA also advocates that the CFPB drop its plan to require mandatory reporting of home equity lines of credit (HELOCs)--calling that provision "a chief concern."
CUNA explains that HELOCs often are administered in consumer lending functions of a credit union, rather than in mortgage functions. This means HELOCs are maintained on entirely separate computer operating systems and platforms than their first mortgage counterparts, making it extremely difficulties and significantly expensive to compile and aggregate the required HMDA data points for HELOCs if the bureau's rule is finalized as currently proposed.
CUNA further urges adoption of a sufficient implementation time. 
"The data collection requirements outlined within the bureau's proposal are, at best, overwhelming for a vast majority of HMDA-reporting credit unions," CUNA writes and continues:
"As previously discussed in this letter, systems will need to be reprogrammed, staff will need to be trained and retrained, existing application forms will need to be amended, and over thirty-seven new data elements will also need to be developed, programmed, implemented and staff will also need to be trained according to the policies and procedures surrounding each of these additional data point disclosures, which will also have to be developed."
Another key area of concern, CUNA notes, is that the bureau does not state within the proposal what, if any, of the new data collection points would or would not be made available to the public, but indicates that the agency is reviewing the matter.

Much of the HMDA data, such as credit scores and property addresses, raise significant privacy issues because if made publicly available  it could conceivably allow a person to piece together the financial picture of a borrower, their place of residence, their income and their livelihood, thereby significantly intruding on credit union members' privacy.

CUNA urges the CFPB not to proceed until this issue is resolved and then to provide  an additional comment period for credit unions and other stakeholders to weigh in on the specifics of the privacy plan.

Additionally, the Government Accountability Office (GAO) recently released a report indicating concerns regarding the privacy and security procedures for data collection by the CFPB, and making numerous recommendations to improve the protection and security of consumer financial data.

CUNA feels that until all of these recommendations are acted upon, expanding the data provided to the agency would place credit union members at greater risk of financial harm, exposing credit unions and their members to possible misuse of their sensitive and personal financial information, including fraud and identity theft.  ReadMore

Other Resources

Widget FCU: Real-life crime busters, CEO tells story (Part I)

LAS VEGAS (10/30/14)--As she walked through her branch in December 2012, Gail Cook, CEO of Widget FCU, overheard a branch manager comment about a strange new account, words that would spark an investigation that would span more than a year and involved tens of millions of dollars in fraud.
In this two-part series, News Now will cover the Widget FCU case, how Cook and her staff helped bring down a conspiracy and what credit unions can learn from it. Cook told her story to the nearly 300 credit union representatives that particpated in the Credit Union National Association-National Association of State Credit Union Supervisors Bank Secrecy Act Conference, which ended here Wednesday.
Cook and Widget FCU, Erie, Pa., with $264 million in assets, eventually found they helped shed light on a group of fraudsters
Click to view larger imageGail Cook, CEO of Widget FCU, says she overheard a branch manager comment about a strange new account, words that would spark an investigation that would span more than a year and involved tens of millions of dollars in fraud. (CUNA Photo)
responsible for tens of millions of dollars worth of phony IRS refunds, opening a minimum of 3,000 fraudulent accounts and identity theft affecting as many as 20,000 consumers. 
Back in December 2012, Cook heard a branch manager remark that another online account based in Providence, R.I., had just been opened. Widget opens 300 to 400 online accounts per month, so while nothing seemed suspicious on the surface, Cook told her manager to mention it to the compliance department. 
A few days later, the vice president of branches said he got a call from a man who did not have an account, but had received account information and materials from Widget. 
"At this time, I started feeling a little nervous. Most of our accounts are based in Erie and the surrounding areas," Cook said. "So I quietly went to our IT department and asked them to do a search of all accounts opened through online channels that didn't seem to have any connection to Pennsylvania. And they got back to me a few days later with eight accounts, and said, 'You're not going to like what we found.'"
The eight accounts had been opened over an eight-month period from November 2011 to September 2012. Four were based in Inwood, N.Y., three based in Providence, R.I., and one based in Brooklyn, N.Y. Cursory examination into those accounts revealed some odd similarities.
All the accounts listed the account holder's occupation as some kind of technician. All the accounts from each town had similar phone numbers and street addresses. All used Yahoo e-mail accounts. And all of the accounts said they met Widget's field of membership requirement through a brother who lived in the Erie area. 
So Cook contacted a National Credit Union Administration examiner, who told her to contact the FBI. 
"When I called the FBI, I wanted all the documentation I could get my hands on, anything we had on file from these accounts to give to the FBI," Cook said. "And that's when we started seeing the real red flags."
Those red flags included:
  • All listed their monthly income in account documents as being between $40,000 and $80,000 per month;
  • The driver's licenses of all the accounts from each state had the same height, weight and eye color listed, and the signatures were all the same. All the photos were slightly fuzzy, and the subjects were dressed similarly;
  • All account holders had used utility bills to provide proof of address, and all bills were from the same amount and had the same handwriting. A call to the utility companies revealed no such accounts;
  • All the accounts were accessed within minutes of each other from the same IP addresses; and
  • All account activity involved ATM transactions in public places and the sending and receipt of postal money orders. 
After giving the information to the FBI, Special Agent Michael Thoreson brought a few IRS special agents to speak to Cook, and then she didn't hear anything. 
Until she got a call earlier this year. 
"In April of this year, Agent Thoreson called me and went on and on and on thanking us for the work we had done. He said they had uncovered the largest fraud conspiracy of its kind to date," Cook said.
"It kind of blew us away when he called. We had called them and given them our information, and then we get this phone call. He just went on and on about how this information we gave him allowed them to crack the case."
See Friday's News Now for Part Two of the story, including how the case was cracked, and what credit unions can learn from Widget FCU. ReadMore

Other Resources

Hispanic programs tied to loan growth: CUNA/Coopera study

CU System

MADISON, Wis. (10/30/14)--Credit unions with Hispanic outreach programs saw significant increases in loan growth within just three years of implementation, according to a just-released study by the Credit Union National Association and Coopera.
Results of the CUNA/Coopera National Hispanic ROI study were discussed during a Wednesday webinar where it was revealed that credit unions experienced a 3.51% increase in loan growth from the year of implementation to three years after, coming in at a rate of 8.62%.
Three years prior to implementing a Hispanic-focused program, credit unions reported an average membership gain of 2.07% compared with an average of 5.09% three years after the program's launch.
The study of 86 credit unions analyzed the effects of a Hispanic outreach program on operating performance and balance sheet growth. It scoped a time frame of three years prior to launch, year of implementation and three years post-launch for credit unions that had programs between 2000 and 2013.
During the webinar, Coopera CEO Miriam De Dios said credit unions that want to implement or enhance a Hispanic outreach program need to do three things:

CUNA and Coopera also will be releasing a white paper on the study's results.

  • Determine your credit union's readiness. "Understand your credit union's readiness to serve a new market," she said, adding that surveyed credit unions made the program part of their strategic plans;
  • Build the right organizational mindset. A "culture of embracement" is often the most important part, De Dios said. "It helps to have a champion from an executive or board standpoint;" and
  • Adapt to the market. Don't force the market to adapt to you, she said. Credit unions should look at the "great things" they do today, then target the message and appeal to meet the market needs.

Other Resources

Reimagined branches shift to member, not CU, needs: Council white paper

CU System
MADISON, Wis. (10/30/14)--Two CUNA councils have teamed up to help redefine what, exactly, a credit union branch needs to be these days.

In a paper called "Re-Imagining the Branch: Optimizing your Brick-and Mortar for Sales, Services and Branding Strategies," CUNA's Operations, Sales and Service Council and the Marketing and Business Development Council dig into trends in the evolution of the branch.

What they found is that it's becoming more common than ever to encounter branch facilities that are designed with members' needs in mind first.

"Historically, branches were developed from the credit union's perspective, with the credit union considering ease of operations, efficiencies, security and things like that before anything else," said Raja Bose, vice president of branch transformation and advisory services for Diebold, a CUNA Strategic Services alliance provider.

 "Now, more enlightened credit unions are starting by looking at things from the perspective of their members, which is key because doing so changes the resulting branch experience and makes it more intuitive and even enjoyable," Bose said.

Despite the migration by members from the physical branch to the convenient mobile channel, Bose says it's still vital that credit unions maximize their branches, as he says 75% or more of all new financial relationships begin at the branch.

"While branches are expensive and are becoming increasingly less relevant to customers and members, they're still where banks and credit unions get most of their sales," Bose said. "That's still where most accounts are opened."

That's why reimagining the credit union is a must, the paper argues.

The paper details several examples of how several credit unions are doing just that:
  • Replacing the teller line with remote teller systems: Coastal FCU, Raleigh, N.C., with $2.3 billion in assets, has made the transition to personal teller machines (PTMs), and the move has cut costs for the credit union while also improving the member experience. "Instead of having a branch with 10 people--half or more of which were tellers--we've now got PTMs plus three or four of what we call account managers, or relationship managers, who open accounts and make loans;"
  • A less-transactional and more-social branch experience: Element FCU, Charleston, W.Va., with $23 million in assets, built cafes in its branches to make them feel more casual and inviting. In addition to creating a space for members to have coffee or tea, the cafes provide places for credit union staffers to sit with members when closing a loan or having some other kind of financial conversation; and
  • Ditching the bank brand for a retail feel: Trailhead CU, Portland, Ore., with $96 million in assets, has designed its branches in several retail-feeling ways. At one branch, the front of the store is a glass garage door that is kept open when weather permits. The idea is to create an "anti-corporate, casual relaxed and authentic" motif that looks and feels more like a coffee shop than a financial institution. The result? The average age of the members who use that branch location is 33.
CUNA Council members are eligible to receive free copies of the white paper, which can be found at ReadMore

Other Resources

NCUA's Graham shares BSA compliance tips, common violations

LAS VEGAS (10/30/14)--An adequate Bank Secrecy Act (BSA) compliance program makes life easier for everybody--for credit unions, their staff, their members and the National Credit Union Administration, said the agency's Judy Graham.
Click to view larger imageJudy Graham, left, a program officer in the NCUA's Office of Examination and Insurance who comes each year to answer compliance questions from the audience at the CUNA Bank Secrecy Act Conference, talks to credit union representatives about some of the complexities involved. (CUNA Photo)
Speaking at the Credit Union National Association BSA Conference Wednesday, Graham, a program officer in the NCUA's Office of Examination and Insurance, gave an update about what the agency expects to see from credit union BSA programs.

The annual conference is co-sponsored by the National Association of State Credit Union Supervisors.
The NCUA is required by law to conduct a review of the BSA compliance program at each examination of a federally insured credit union. 
Part 748 of the agency's rules and regulations describes the requirements of such a program, which must:
  • Establish a system of internal controls;
  • Provide for independent testing;
  • Designate a BSA compliance officer who will monitor day-to-day compliance;
  • Establish a customer identification program; and
  • Establish a BSA training program for appropriate employees and volunteers.
According to Graham, the regulation itself requires credit unions to provide training, but does not set a specific time frame for how often it should be conducted. 
"The general rule of thumb is every 12 to 18 months, but that depends on your risk profile, your products, your services," she said.
"Some of the larger credit unions that may be taking on higher-risk products and services might be doing periodic or ongoing training on a quarterly basis. Some of our smaller, lower-risk institutions without a lot of products and services might consider a year, up to 18 months." But, Graham warned her audience, "Our examiners aren't going to let anyone go on much longer than that."
The cornerstone of internal controls for a credit union is customer due diligence. 
"Customer due diligence is part of the foundation of your BSA compliance program. If you don't do your customer due diligence when you open accounts and ongoing customer due diligence, how can you adequately monitor those accounts for suspicious activities?" Graham said.
She emphasized, "If you don't know what the norm is for the account, how can you tell when something suspicious is happening?"
So what are credit unions doing wrong? According to the NCUA, the most common violations found during examinations involve:
  • Training that is not recent, not documented, does not cover credit union policies and procedures and does not include the institution's board of directors;
  • Failure to check the Financial Crimes Enforcement Network's 314(a) lists, which are generally sent every other Tuesday to inform financial institutions of consumers who are the subject of current investigations;
  • Independent testing that does not cover all credit union operations, has not been done within the last 12 to 18 months or is not fully independent; and
  • Internal controls failures such as an out-of-date risk assessment or a suspicious activity monitoring system that is inadequate.
"This all might sound pretty heavy, and pretty onerous for a credit union, but a lot of the information you're gathering is not just for BSA compliance, it's going to help you with other day-to-day operations, such as making sure you have current phone numbers and other contact information," Graham said. "This will help you out in those other areas."
Graham also recommended several "enhanced due diligence" strategies, including recording the purpose of an account and the source of a member's funds; tracking beneficial owners signatories of guarantors; noting the proximity of a member's residence, place of employment or business to the credit union; and keeping on file a description of a member's business operations, anticipated volume and activity.

Graham is a regular speaker, bringing the NCUA and examiners' perspective each year to the BSA Conference, which draws hundreds of credit union representatives. This year's conference ended Wednesday. ReadMore

Other Resources

CU builds new branch to serve Okla. 'boomers'

CU System
DUNCAN, Okla. (10/30/14)--Combine a burgeoning population, remote access and no credit union presence, and you have a situation ripe for a new credit union branch.
That's what Halliburton Employees' FCU, Duncan, Okla., did when it opened its newest branch in western Oklahoma Monday.
The Elk City branch is the only credit union in Beckham County--population 22,000--said Jackie Haines, marketing and business development associate at the $144 million-asset credit union.
The nearest credit union is nearly an hour's drive south, and Halliburton Employees' own main branch is 2 1/2 hours away, Haines told News Now.
Elk City, which is home to a major natural gas reserve as well as historic Route 66, has been named one of the fastest-growing cities in the United States. With 7.7% population growth, it has outpaced Oklahoma's population growth rate of 2.6% between 2010 and 2013.
The idea of being a credit union pioneer in Beckham County is appealing to Haines. "Nobody knows what a credit union is," she said. "I want them to know credit unions truly care about people."
She also wants them to learn about the lower loan rates that credit unions can offer. The credit union is currently running an auto-loan refinancing program that has a rate 1.25% lower than local banks.
And in its first day, the credit union had two online applications for refis and opened 15 unique accounts in a community that previously didn't know what a credit union was, Haines said. ReadMore

Other Resources

RSS print
News Now LiveWire
Of $1.3B in payments through mobile devices, 90% occurred at @Starbucks stores
8 hours ago
.@LoveBethpage 1st to launch mobile debit/credit card control from @COOPFS
9 hours ago
A booming W Okla county gets its first #creditunion @TheHEFCU See #NewsNow
12 hours ago
Mortgage interest rates continue slide in September @FHFA
14 hours ago
Reimagined branches shift to member, not #creditunion, needs: @cunacouncils white paper
15 hours ago