Preventing fraud and taking charge of risk management is mission critical for credit unions, but luckily, they don't have to go it alone.
Currently, federal regulators are attempting to clamp down on the fraud prevention holes in financial institution infrastructures. On March 30, the Federal Financial Institutions Examination Council released statements about ways financial institutions can identify and mitigate cyberattacks that compromise user credentials or use destructive software. In addition, the FFIEC provided information on what institutions can do to prepare for and respond to these threats.
In December, the FFIEC released updated guidance on Bank Secrecy Act compliance and money-laundering risks. Then, on Feb. 6, the council added a 16-page appendix to its Business Continuity Planning Booklet, "Strengthening the Resilience of Outsourced Technology Services," which mentions key cybersecurity risks such as distributed denial-of-service attacks, and notes the necessity for greater due diligence of third parties and infrastructural interdependencies.
Complying with these requirements will no doubt be time-consuming and expensive for institutions of all sizes, but they can mitigate the costs associated with compliance and security by looking to their core vendors, experts say.
"Credit unions that outsource their core systems benefit from the provider's security resources and scalable security infrastructure investment," Mike Urban, director of financial crime risk management solutions at the Brookfield, Wis.-based Fiserv, said. "This is a key benefit for credit unions that may not have the resources or technical know-how to develop and maintain a robust security infrastructure. Credit unions that choose in-house deployments need to make appropriate security investments and ensure ancillary systems will integrate with the core to provide a single view of risk."
The FFIEC's recommendations in its new guidance include ensuring Bank Secrecy Act/Anti-Money Laundering staff is involved with all new product deployments as well as the review or termination of customer relationships. The FFIEC also said it expects financial institutions to take reasonable and prudent steps to combat money laundering and terrorist financing, and to minimize their vulnerability to risks associated with such activities.
Regulators are also pushing for more monitoring of ACH transactions, Urban explained, because criminals know that a small institution's resistance may not be as sophisticated as a larger financial institution's.
"Credit unions need a consolidated view of their financial crime risks," Urban said. "This view should span monitoring members, transactions and behavior to identify money laundering activity and fraudulent behavior. Core providers are in a unique position to tie together all of the information, which enables a consolidated risk view and the connectivity to interdict transactions before they go out the door."
Fiserv, for example, offers a Financial Crime Risk Management platform with solutions to protect against check and payment fraud, and customer and AML risks.
Risk monitoring isn't just an IT issue – credit union boards also share responsibility. In a March speech before the Institute of International Bankers, Comptroller of the Currency Thomas J. Curry held that senior executives are accountable for BSA compliance.
"When we look at the issues underlying BSA infractions, they can almost always be traced back to decisions and actions of the institution's board and senior management," Curry said. "They involve the culture of compliance within an organization, the resources committed to BSA compliance, the strength of the organization's information technology and monitoring process, and the quality of risk management."
With the NCUA and the FFIEC closely scrutinizing vendor management as well, credit unions face pressure to tighten their project management and installation requirements. The Monett, Mo.-based Jack Henry & Associates' Symitar® division introduced a consultancy, SymAdvisor, which provides on-site consultants to help credit union managers develop strategies for effectively utilizing their systems and integrating third-party vendor products.
The $3 billion Wright-Patt Credit Union in Beavercreek, Ohio used SymAdvisor to gain an outside perspective on how its business and IT units can further maximize efficiencies with its Episys® platform. Aaron Vaubel, one of the credit union's IT managers, said in a press release, "The SymAdvisor process gave us a new view of how to better leverage the technology we already have, and fresh ideas for changing key operating procedures."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
