The policy outlines what a data breach event is and defines consumer-level ACH data as including a bank account number or a customer's name together with their Social Security number. The ODFI is responsible for ensuring the protection of the data and that it and its third-party providers implement commercially reasonable policies, procedures and systems to detect the occurrence of a data breach within their respective organizations.

If a breach is detected, the ODFI is expected to "immediately commence and diligently pursue" an investigation. This pursuit should aim to determine (i) if a data breach has actually occurred, (ii) the scope of the data breach, including the type and amount of data affected, (iii) the risk that the affected data will be misused, and (iv) what steps are necessary to prevent further unauthorized access to Consumer-Level ACH Data, NACHA said. While the ODFI is required to report various aspects to NACHA, such as the cause and scope of the breach, NACHA may withhold the names of the organizations involved in the breach at the request of the ODFI.

SBA Designates Travis CU As Preferred Lender

VACAVILLE, Calif. — Travis Credit Union has earned the Small Business Administration's Preferred Lender status.

The $1.7 billion credit union will now be able to process SBA loans much faster including a one-day turnaround on applications. According to SBA, financial institutions must show a proficiency in processing and servicing SBA-guaranteed loans in order to earn the Preferred Lender status.

Dave Purcell, vice president of business services and real estate lending at Travis CU, said the new designation will go a long way in improving service to business members.

Travis CU rolled out its business lending program in October 2004.

Organizers Releasing Pandemic Exercise Results Oct. 24

NEW YORK — The organizations hosting the financial sector Pandemic Flu Exercise have called a press conference to discuss the results Oct. 24.

The Securities Industry and Financial Management Association, the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC) and the Financial and Banking Information Infrastructure Committee (FBIIC) have slated a press briefing to release the results of the exercise. SIFMA Vice President of Business Continuity Howard Sprow, FSCC Chairman George S. Hender, and Treasury Director of the Office of Critical Infrastructure Protection and Compliance Policy Valerie Abend will speak at the press event in New York City. Oct. 12 was the last scheduled day of the virtual pandemic outbreak exercise.

Nearly 3,000 financial services providers participated in the program, including hundreds of credit unions. CUNA and NAFCU are FSSCC members.

Director Freis Unveils SAR Filing Guidance at MSB Conference

WASHINGTON — During a speech at the recent Money Transmitter Regulators Association Annual Conference, Financial Crimes Enforcement Network Director James Freis announced a new reference tool for common errors on Suspicious Activity Report filings.

The guidance, Suggestions for Addressing Common Errors Noted in Suspicious Activity Reporting, is the compilation of information the agency derived from an analysis of Money Services Business SARs but thought would be helpful to all filers. It provides tips for avoiding common mistakes and suggestions for establishing more efficient and effective anti-money laundering programs.

"The data derived from analyzing SARs is only as good as the information submitted in the actual SAR form. FinCEN is not proposing any new requirements, we are just trying to ensure, through continual outreach and education, that compliance officials accurately report the information that they already possess. We are committed to offering feedback and useful advice to help our partners protect the financial system from abuse," Freis said.

FinCEN has begun providing SAR filers with more information on how accurate filings can be useful to law enforcement and regulatory authorities to detect and disrupt potentially illegal activities such as money laundering and terrorist financing. Several banks have received million-dollar fines for inadequate Bank Secrecy Act programs, which the filings fall under. A couple of credit unions have been slapped with administrative orders but no fines in the last few years.

The reference material is available at www.fincen.gov.

NCUA Bans Four from Insured Financial Institution Involvement

ALEXANDRIA, Va. — NCUA recently announced that it had issued four prohibition orders, including one against former Nor-Car Federal Credit Union President/CEO Michael J. Symons.

Symons previously pleaded guilty to one count of credit union fraud and one count of filing false tax returns. He was arrested in January channeling money from the credit union into his own companies. He was ordered to pay restitution of more than $1.8 million to NCUA. This situation and a separate $1.5 million fraud by Betty Jean Barachie led to the credit union's closing in 2004.

NCUA also issued a prohibition order for Cindy Diana Hastie, a former employee at State Employees Credit Union in Jacksonville, Fla., who pleaded guilty to embezzlement and was sentenced to 21 months in prison, 5 years of supervised release and ordered to pay $212,143 in restitution to the credit union.

Former Aegis Credit Union Teller Alisa Marie Ryan also pleaded guilty to forgery and theft and was sentenced to 5 years in prison and ordered to pay $15,240 in restitution, which was suspended. She is serving 5 years of supervised release.

Finally, to avoid the time and expense of litigation and without admitting or denying fault, former Florida Health Systems Federal Credit Union CEO David A. Call agreed to a prohibition order from NCUA.

These individuals are barred from participating in the affairs of any federally insured financial institution. Violation of a prohibition order is a felony offense punishable by imprisonment and a fine of up to $1 million.

NCUA enforcement orders are online at http://www.ncua.gov/administrative_orders/Admin/administrative.html, and may be inspected at NCUA's Office of General Counsel at its Alexandria, Va. headquarters.

NCUA Brings Management Interlocks Rule in Line With Reg Relief

ALEXANDRIA, Va. — In the Oct. 15 edition of the Federal Register, NCUA announced that it approved a final rule regarding management interlocks.

The technical update increased the asset threshold that to determine whether an executive can serve two institutions at the same time from $20 million to $50 million. The rule reflects a change made in the Financial Services Regulatory Relief Act.

The rule was effective upon publication; the Administrative Procedures Act allows agencies to forego a notice and comment period if a rule change is technical in nature.

NAFCU Launches Blog to Aid CU Compliance

ARLINGTON, Va. — He does not have super powers but NAFCU Director of Compliance Anthony Demangone is the group's "Compliance Guy."

NAFCU unveiled its new compliance blog Oct. 16 offering useful regulatory and compliance information. For example, the launch day tip was the Google U.S. Government Search, which only searches federal, state, and local government sites, filtering out much of the unwanted items found on regular Google searches.

The blog is the latest in NAFCU's compliance arsenal that features compliance assistance service, Regulatory Compliance Newsletter, BSA Blast, and "The Book of Answers."

Trades Commend Voluntary Nature of Proposed Subprime Illustrations; Clarification On ARMs Needed

WASHINGTON — CUNA and NAFCU supported the voluntary nature of the recently proposed Illustrations of Consumer Information for Subprime Mortgage Lending but urged agencies to steer clear from equating subprime with adjustable rate mortgages.
"CUNA urges the National Credit Union Administration (NCUA) and the financial institution regulators to continue to emphasize that these disclosures are voluntary, and this should also be clearly communicated to the examiners who will be reviewing each institution's compliance with the subprime loan guidance," CUNA Senior Assistant General Counsel Jeff Bloch wrote.
Both credit union trades also pointed out that the proposed illustrations appear to imply that all ARMs are subprime. NAFCU Senior Vice President of Government Affairs Dan Berger suggested, "The Proposed Illustrations, while helpful, should be clarified so that both the industry and borrowers do not make an automatic connection between all ARM products and subprime lending. To promote understanding of the products and practices in question, we recommend two actions: 1) that the Agencies change the Federal Register title to Illustrations of Consumer Information for Adjustable Rate Mortgages; and 2) that the agencies clarify that not all ARM products are sub-prime"
In addition, CUNA suggested consumer testing, a recent regulatory trend, of the proposed illustrations as well as real-life examples.
Specifically on the illustrations, CUNA said the narrative provided a better approach but the chart form in Illustration 2 could be improved in it clarified the interest rate applied to each payment in an ARM.
NAFCU expressed concern that the narrative could discourage consumers from ARMs even if they would be the best option for them. Berger added that the illustrations should eliminate the mention of prepayment penalties, which credit unions are statutorily barred from applying, to avoid confusion.

NCUA Alerts CUs to DoD Rule Effective Date

ALEXANDRIA, Va. — NCUA posted a Regulatory Alert to its Web site on Oct. 9, alerting credit unions to the fact that the Department of Defense's (DoD) recent final rule to curb predatory lending practices to the military went into effect Oct. 1.
The rule establishes a 36% Military APR with the aim of keeping predatory payday loans, car title loans, and tax refund anticipation loans out of the hands of the generally young, financially na??ve servicemembers and their families. The DoD rule also prohibits loan terms such as mandatory arbitration or prepayment penalties.
NCUA wrote in the alert, "Creditors offering any covered transactions are subject to criminal and civil penalties if they violate the rule. Moreover, consumer credit contracts that are not in compliance with the rule will be deemed void from inception." DoD developed the new rule as required by the John Warner National Defense Authorization Act for Fiscal Year 2007.