Audit Link Focus Group

November 5, 2010

Revised on November 5, 2010

Agenda

• Introduction and Formalities

• What Audit Link Does vs. What CU Does

• Wrap-up of 2010

– Findings, business status, etc.

• Plans for 2011

– Jim’s Dirty Dozen

– Compliance Outlook

• Audit Link Advisor Site

Joe Spenski – Audit Link Associate

• Bachelor’s Degree in Business Management

• 1 year Credit Union experience

• 1.5 years experience with CU*Base and Client Services

• Great attention to detail

• Strong desire to become current with all compliance issues

• Ext. 253 or Jspenski@xtendcu.com

Andrew VanDerSchaaf– Audit Link Associate

• Bachelor’s Degree in Accounting

– 9 Credit Hours in Forensic Accounting

• 4 Months Experience as a Bookkeeping Specialist

• 6 Months Experience as an Audit Link Associate

• Ext. 211 or Avanderschaaf@xtendcu.com

BSA

• What We Do…

• Review transactions and affiliated accounts

• Verify audit trackers

• What You Do….

• Add to audit trackers

• Submit SAR’s to Audit Link for review

• Flag and monitor High Risk accounts

• BSA/SAR Reports

Dormant Accounts

• Work dormant accounts on a regular basis, otherwise the Activity on Dormant Accounts report is inaccurate

• Do not delete accts from dormancy monitoring due to fees

• ACH postings are considered activity

Goals for Dormancy

• Survey your members

• Mitigate Risk

• Send no money to the State

File Maintenance

• Verify Changes

• Expect Impropriety

• New field changes

– PAYFRQ (Payment frequency)

– PAYMNT (Payment changes)

– DQCNTR (Delinquency control)

• - HBPIN (Home Banking Pin Disabled)

Teller Reversals

• What we are looking for

– Impropriety

– Coaching

– Possibly procedural changes

• What you should be doing

– Pulling receipts

Employee Audit

• What are we looking for

– Unusual transactions outside the norm

– Delinquency and negative balances

– File maintenance

– Transactions on own accounts

• What should you be doing

– Review highlighted accounts

– Annual and ongoing notifications to audit team of new accounts

Wire Transfer

• What we are looking for

– Complete address information

– Any large wires out of the norm

• What you should be doing

– Filling in missing data if needed

OFAC

• Follow Through on New Matches

• Real time and Batch scans are now exactly the same

• Will be updating OFAC scans to scan against Date of Birth

– Reduces suspect matches

Stale Dated Checks

• What we do

– List all stale dated checks

• What you should be doing

– Review all those listed on Run Sheet

Questions

Sample High-Risk Checking Accts

Sample High-Risk Transactions

Findings from daily Audit work• Washington (State)

– Money Store

• $90,400.00 deposits (Oct 2010)

• $76,200.00 Withdrawals (Oct 2010)

• Missouri

– Money Store

• $300,000.00 Deposits (Oct 2010)

• $302,018.00 Withdrawals (Oct 2010)

Findings from daily Audit work• BSA: 12,424

• Dormancy: 5,301

• Reversals: 8,289

• Wires: 1,022

• Employee Accts Reviewed: 4,222

• OFAC Scans Run: 434

• Stale Dated Checks: 449

• Reg D Transactions: 510

Software Developments

• Credit Card Act Statement Updates – Release 9.7, 10.0

• Wrong Address Flag Turns off Automatically – Release 10.0

• Reg. D Counter Warning for Phone Transfers – Release 10.0

• OFAC Changes – Release 10.0

• Reg. E Opt In/Opt Out – Release 10.1

• Reg. DD Disclosures on Statements – Release 10.1

Software Developments

• Reg. Z Statement Change – Release 10.2

• Enhancements to MFOEL – Release 10.2

• Reg. E Opt In/Opt Out Posting Program – July 7, 2010

• Opt In/Opt Out Notices – Release 10.3

• OFAC Enhancements – Release 10.3

Business Status

• 33 upfront contacts completed

– 21 on daily monitoring

• 4 additional clients reviewing contracts

• 8 additional credit unions expressed

interest

Findings of First Contacts

• Reg. Z

– Credit card disclosure

– Regulation Z - Farleigh Wada Witt

• Reg. DD

– Transaction descriptions for Federally chartered Credit unions

• Dormancy

• Employee security & segregation of duties

• Reg. CC disclosures

Audit Link in 2011

• Suspicious Activity Monitoring for 2011– Vilker’s Dirty Dozen

• Compliance Outlook for 2011

• New services from Audit Link

Vilker’s Dirty Dozen

• Excessive Abnormal Activity– ACH– Pay-Pal– Large withdrawals

w/corresponding deposits• Identity Theft

– Ex. Line of Credit loans/Visa

Vilker’s Dirty Dozen

• Check Kitting– Traditional check kitting– Excessive use of online banking

• OFAC scans: Corporate Drafts & A/P Vendor Names– Scan against SDN list

Vilker’s Dirty Dozen

• Detecting debit/credit card fraud– Compromised cards

• BSA – ATM Activity– All deposits/withdrawals made at

ATM

Vilker’s Dirty Dozen

• BSA – Joint Owner– Transactions involving multiple

accounts

• BSA – Layering – LOCs, wires, gift cards, or cash

Vilker’s Dirty Dozen

• Accounts with wrong address– Transactions on flagged accounts

• Critical field Monitoring– 15 critical fields

Vilker’s Dirty Dozen

• New Notice Events: Compliance Related– Dormant notices

• FinCen– Visually compare FinCen report

2011 Compliance Outlook

• Dodd – Frank• Privacy

– Model Privacy Notice from the FDIC

• RESPA• SAFE Act• FACT Act

Compliance Outlook Article

New Services from Audit Link

• BSA Audits

• Ad hoc

• ACH Audits

• Audit Link Lite

• Tune Up

• Concentration Risk

Audit Link on the Web

• Audit Link Advisor site

– http://Advisor.cuanswers.com/

Audit Link on the Web

• The addition of three new categories

– Best Practices

– Policy Sharing

– Regulation Interpretation

• New core compliance group

http://Advisor.cuanswers.com/