CHICOPEE, Mass. - About once a year, the senior managers at Polish National Credit Union and their counterparts at credit unions and banks from across the Bay State get together for a little quality time with the folks in charge of making sure these financial institutions hew to the complex rules of regulatory compliance in these days of PATRIOT Act and OFAC attempts to thwart the financing of terrorism and other nefarious activities. The gatherings are called "fireside chats," a term hearkening back to the days when FDR chatted by radio with a nation at war. They're put on by COCC, the core processing provider to about 125 credit unions and banks through a service bureau setting that puts the client-owned company in charge of not only their clients' core business technology, but their IT security as well. "We don't have a full-time MIS department," says Jim Gardner, president/CEO of the $340 million community CU serving western Massachusetts. "Everything we do on that side is in service bureau relationships." Polish National's three locations have about 40 or 50 work stations. Service bureau functions at COCC, about 45 miles away in Avon, Conn., include core system upgrades to meet new regulations, automated software patching to PC stations, network intrusion monitoring and reporting, secure email services, Web site hosting and hot site and business recovery services. It also now includes OFAC/FinCEN scans and an automated anti-money laundering database through a partnership COCC has with a third-party expert in that process. "What our service bureau has done is totally automate the monitoring of lists for us," says Tony Ogonis, vice president of operations for the 30,000-member Polish National. "Files are downloaded and compared with our database, eliminating any type of manual inquiries we would have been doing, and when opening up new accounts on the Internet, they can do identity checks in real time." The relationship, which dates back to 1987 with the former Connecticut Online, also deals with compliance with the new rules of the game, and that's where the "fireside chats" come in. Once a year for the past three years, COCC has held the "fireside chats," gatherings at a neutral location with its clients, state regulators and representatives from the NCUA, FDIC, OTS and others. "In each of the `fireside chats' so far, we've had a minimum of 35 written questions submitted in advance and at least as many more from the floor on the day of the meeting," says Joseph Lockwood, COCC's chief technology officer. "The fireside chats are marked by strong attendance from our client institutions and by a strong spirit of give-and-take," Lockwood says. The sessions allow clients to ask questions about the rules and their application during regulatory examinations in a "low-stakes" setting, he says. "It also helps to reduce the natural tension between regulators and the regulated. After all, we are all trying to protect the money supply! Viewing regulators as partners in this effort is in everybody's interest," the COCC executive says. Of course, compliance issues are more than just an annual chat for credit unions dependent on their core technology provider for staying current. "They stay in contact with regulators throughout the year, and with other service bureaus, so they keep up with changes and we don't find ourselves out of compliance and paying the penalty," says Darlene White, Polish National's chief operating officer. "And, another thing I like is that they don't charge us for all this stuff separately. I've worked with other service bureaus and you usually pay separate fees for everything," she says. "With this, the only time we pay anything extra is for actual core processing enhancements, or going to OFAC for new data, things like that, and that cost is spread over a lot of users." Does that mean the credit union has given up some sense of control of its infrastructure's destiny, or that it might look like it's taking the easy way out in the eyes of regulators? Hardly. "From a regulatory perspective, information security is at the top of their list these days. And you get instant credibility with most regulators when they find out you have a well-regarded service bureau taking care of all this," says Gardner at Polish National. "And from my perspective as CEO, my job is to think globally and about our future strategically. Having a service bureau as such a strategic partner wrapping themselves around security issues takes care of things that would normally keep me up at night." -

[email protected]