Download - We Care buiding best practices
CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group
CUP-CARE4CUS-0912
Building Best Practices
We Care for Credit Unions Workshop
2
Agenda Items
• Internal Controls
• Record Keeping
• Robbery
• Fraudulent Deposit and Forgery or Alterations
3
Internal Controls
4
Internal Controls Overview
• Establish safety and soundness
• Protect assets in order to produce reliable financial statements and comply with the laws
• Follow Best Practices
5
Internal Controls - Overview
Areas of Internal Threat
• Check deposits/cash• Loans• Employee/family member accounts• Dormant/closed accounts• Reconciliation of accounts• GL accounts • Expenses
6
Internal Controls
Assets that need to be secured:• Cash• Deposits• Checks, on-us and off-us • Raffle tickets/amusement park tickets
Types of security:• Safe/Vaults • Keys/Combinations• Storing of keys - after hours - employee take them home• Spare key - additional employee or volunteer • Dual Control over the safe/vault
7
Internal Controls
Night Depository/Drop Box Considerations:
• Key or combination box or safe– Fish and trap resistant
• Dual Control when opening the box and deposits• Logging/recording all deposits/payments
8
Internal Controls
Mitigation Techniques:
• Daily balancing• Accountability• Establish policies and procedures• Surprise cash counts• Dual Controls over cash and night deposit• Audit all cash
– Including raffle tickets/amusement park tickets/deposits
9
Internal Controls
Loans - Credit Union’s Largest Asset
Mitigation Techniques:• Fictitious/unauthorized loans
– Select sample loans from each loan officer– Test legitimacy of loan - call or mail member
• Look for paid ahead loans• Watch for high amount of interest due but loan is current• Original loan amount is similar to current loan amount• Report Reviews• Segregation of loan duties• Loan approval is not exceeded as stated in loan policy
10
Internal Controls
Employee and Family Member Accounts
The account review should confirm the following:
• Employees are not performing transactions– on their own accounts– family member accounts– individuals living at the same address as employees
• Loan payments are made in the proper amount and frequency• Collateral requirements are met and documentation available• Perform a review of override reports and file maintenance reports
11
Internal Controls - Financial
Reconciliation of Accounts/Cash Letter Deposits
Reconciliation can be used to conceal a shortage and cash letter deposits can be manipulated.
Mitigation techniques:
• Review bank reconciliation to ensure deposits are posted on the next months statement timely • Watch for returned items - this may be a sign of kiting• Are additions and subtractions being resolved in a timely manner• Separation of duties of reconciling accounts and cash letter
12
Internal Controls
Dormant/Closed Accounts
Frequently used to perform unauthorized transactions
Mitigation Techniques:
• Establish procedures to verify transactions• Review Dormant/Closed account reports• Contact member to confirm transaction if something appears
suspicious
13
Supervisory Committee Role
Main Role and Objectives:
• Meet financial reporting objectives• Safeguard member’s assets
How to meet these objectives:
• Establish and enforce internal controls• Financial records are reported accurately and promptly• Establish internal audits• Establish and enforce policies that safeguard member’s
assets from errors, fraud or conflicts of interest
14
Supervisory Committee Role
Duties include:
• Establish and enforce policies• Review of nonfinancial Transaction Reports• Require segregation of duties• Surprise cash counts• Audit employee and family member transactions• Confirmation of member loans• Review and oversight of expenses
15
Internal Controls
Questions?
16
Robbery
17
Robbery
• Can not be stopped• But can be deterred• Employee safety is top priority
18
Robbery
Main objectives of robbery procedures should:
• Prevent harm to members and employees by establishing sound practices to follow before, during, and after a robbery
• To get the robbers out of the financial institution as quickly as possible without causing panic, and with minimal cash losses
• To assist law enforcement in identification of the robbers
19
Robbery - Before
Opening Procedures• External and internal inspections of the credit union
location to identify any irregularities that may exist, and could signal possible danger.
• All windows and doors should be inspected from the outside for evidence of tampering before entering.
• If evidence is found, entry should not be made. Go to nearest phone while keeping credit union in sight (if possible) and contact the authorities. – Do not make any phone calls from the credit union parking lot, or
near entry doors
20
Robbery - Before
Opening Procedures - Continued
• After outside inspection is completed and all entry ways examined, enter the credit union. Make sure all doors are locked immediately upon entering.
• After the interior of credit union has been searched and nothing unusual found, the alarm should be disabled. – In the event the employee is forced to open, or encounters a threat
once inside the branch, the alarm pad should be equipped with an ambush/distress code
21
Robbery - Before
Opening Procedures - Continued
• Then consider the use of one or two types of an “All Clear Signal”
– Visual - Allows other employees or designated individual who arrive after first employee to know that the employee has entered safely, and the branch is safe to enter.
– Verbal - Allows an employee or designated individual to call, or be called by the employee opening the branch to let them know they have entered safely, and the branch is safe to enter.
22
Robbery - Before
Opening Procedures - Continued
• Other employees or designated individuals should know and look for these signals prior to entering the building.
– If signal is not displayed, or verbal cue not made, the other employees or designated individual should go to nearest safe phone and call the office or law enforcement. This should be an agreed upon practice prior to opening each morning.
23
Robbery - Before
Teller/Work Areas
• Keep neat and clear• No potential weapons• Secure cash deliveries and deposits• Only count cash out of view• Mindful of wearing expensive jewelry • Keep cell phones or other personal technology devices off
workstations
24
Robbery - Before
Awareness is Essential
• Be alert and report any suspicious individuals• Greet all strangers• Request removal of dark glasses and hats• Consider requesting members not use cell phones
25
Robbery - Before
Confidentiality
• Never discuss work procedures– Opening Procedures – Cash on hand– Cash delivery schedules or procedures– Security equipment– Employee scheduling
Refrain from posting updates to social media while working alone.
26
Robbery - During
Remain calm - don’t be a hero
• Follow instructions exactly, nothing more, nothing less• No sudden moves• Explain every move you make• Avoid eye contact
27
Robbery - During
Be observant - very important to be a good witness
• Height and weight• Eye and hair color• Clothing, build, accent• Right or left handed• Type of weapon
28
Robbery - During
• Include the bait money–Should be easily incorporated with regular teller cash
• Activate the alarm–When to activate should be discussed prior to robbery
occurring
29
Robbery - After
• Lock all perimeter doors• Contact Law Enforcement• Note the direction and means of escape• Secure any remaining currency• Safeguard any evidence for the police• Ask any members to remain inside the credit union
• Do not attempt to follow the robber
30
Robbery - After
• Address the needs of employees and members• Provide water
–Do not give caffeine or alcohol• Do not leave unattended
–Call family–Escort home
• Provide victim assistance information
31
Robbery
Questions?
32
Records Management
33
Records Management
• Assess
• Collect
• Store
34
Assess
Types of documents collected
• Loan applications• Deposit slips• Check deposit• Loan payments• Membership / signature cards
35
Collect
• Determine which documents to keep• Retention of documents - have a tickler file• Proper disposal of confidential documents• Disclosure of nonpublic personal information
36
Store
• Safeguarding important / confidential documents• Clean desk policy• Locking storage files• Essential documents needed in case of disaster• Type of storage container - Fire resistant safes / filing cabinets
37
Records Management
Questions?
38
Fraudulent Deposit and Forgery
39
Fraudulent Deposit and Forgery
Reasons check fraudis still problem:
• Availability of high-quality / low cost technology• Increased access to consumer information• Effects of Federal Reserve Regulation CC (Reg CC)• More organized and sophisticated crime groups• Increased focus on member service• Employee turnover
40
Fraudulent Deposit and Forgery
Forms of Check Fraud
• Counterfeit checks• Forged checks
– Drawer signatures– Endorsements
• Altered checks
41
Fraudulent Deposit and Forgery
Counterfeit ChecksCounterfeit Checks and Technology
• Check printing software• Scanners and color copy machines• Historically, business checks have been the most
common form of counterfeit• Today’s problem is counterfeit cashier’s checks
42
Personal check MICR line:• Routing number of paying institution• Account number• Check number
Business check MICR line:• Check number• Routing number of paying institution• Account number
The Basics – Personal vs. Business Checks
Fraudulent Deposit and Forgery
43
Routing Number Basics• Nine digit number between colon brackets in the Magnetic
Ink Character Recognition (MICR) line– Identifies the paying financial institution
Fraudulent Deposit and Forgery
44
Telltale Signs of Counterfeit Checks
• Location of paying financial institution does not correspond to the Federal Reserve District for that institution
• Lack of or incorrect fractional routing number– Fractional routing number in upper right hand corner of check– Bears a direct relationship with routing number in MICR line
Fraudulent Deposit and Forgery
45
Fraudulent Deposit and Forgery
Fractional routing number: xx-yyyy/zzzz• ‘xx’ in the numerator represents the city/region where the paying
financial institution is located.
• ‘yyyy’ in the numerator is the Institution Identifier and should match the 5th through 8th digits of the routing number in the MICR line.
• ‘zzzz’ in the denominator should match the first four digits of the routing number in the MICR line.
• Leading zeroes in the MICR line are dropped for the fractional routing number.
Telltale Signs of Counterfeit Checks - continued
46
• First two digits represent the Federal Reserve District where paying financial institution is located
Location
Fed District #
Banks CU’s & Thrifts
BostonNew YorkPhiladelphiaClevelandRichmondAtlantaChicagoSt. LouisMinneapolisKansas CityDallasSan Francisco
010203040506070809101112
212223242526272829303132
Federal Reserve District Map
Fraudulent Deposit and Forgery
Routing Number Basics
47
Telltale Signs of Counterfeit Checks
Fractional Routing Number: 70-5678/734• 70 = Region code• 5678 = 5th through 8th digits of routing number• 734 = First four digits of routing number• Leading 0’s are dropped for the fraction
Fraudulent Deposit and Forgery
48
Counterfeit Check Example
Check number in MICR line does not agree with check number in upper right hand cornerRouting number: :111000753:Fractional routing number: 32-76/1110The fractional routing number is incorrect. It should be 32-75/1110
MICR Line: 393177 = Check number; :111000753: = Routing number; Account number
Fraudulent Deposit and Forgery
49
Counterfeit Check Example
93-516 / 939
Routing # :092905168:Fractional Routing #: 93-516/939The fractional routing # is incorrect. The denominator should be 929
Fraudulent Deposit and Forgery
50
Telltale Signs of Counterfeit Checks
• Lack of perforations• Mistakes
– Misspelled preprinted words– Check number in MICR line does not match check number in upper
right hand corner– Missing or incorrect fractional routing number
• Color smudges• Glossy and slightly raised MICR line
Fraudulent Deposit and Forgery
51
Forged Checks – Drawer’s Signature
• Stolen blank checks
• Drawn on the credit union (e.g., member share drafts) or another financial institution
• Thief forges drawer’s signature
Fraudulent Deposit and Forgery
52
Altered Checks
• Unauthorized changes to check– Dollar amount– Payee
• Chemical alterations (check washing)– Wash dollar amount (courtesy and legal amount) and payee– Fill in the blanks
• Write-over’s• Add a second payee
Fraudulent Deposit and Forgery
53
Telltale Signs of Altered Checks
• Cloudy or bleached areas on the check
• Erasure marks• Different handwriting
styles• Inconsistent or irregular
printing• Payees / dollar amounts
don’t line up• Write over’s
Fraudulent Deposit and Forgery
54
Check Fraud - New Account Fraud
• Criminals often target credit unions with community charters
• Often involves identity theft– Fraudster joins credit union under someone else’s name and Social
Security Number– Account opened with fake ID
• Opened with good money• Negotiates fraudulent checks within 6 to 12 months of
account opening• May apply for a loan rather than pass fraudulent checks
Fraudulent Deposit and Forgery
55
Check Fraud - New Account Fraud Controls
• Verify eligibility• Verify identity
– Government issued photo ID and identity verification service– Be alert for counterfeit ID’s
• ChexSytems inquiry or evaluate creditworthiness to qualify new members for: – Checking accounts – ATM / debit cards– Shared branch access
Fraudulent Deposit and Forgery
56
Check Fraud New Account Fraud – Check Holds• Most fraudulent deposit schemes are perpetrated on new
accounts within the first 6 to 12 months• Focus check holds on newer accounts for the first 6
months or until account becomes established• Use holds up to the limits allowed by Reg CC including
extended holds during 1st 30 days• Use longer holds on deposits to savings accounts
– Subject to state law– Subject to Regulation D’s transfer limitations for savings accounts
Fraudulent Deposit and Forgery
57
Questions?
Fraudulent Deposit and Forgery
CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group
CUP-CARE4CUS-0912
Thank YouCarlos Molina, Risk Management Consultant
Credit Union Protection Risk ManagementCUNA Mutual Group
[email protected], ext. 6655096
Holly Spiczenski, Risk Management AnalystCredit Union Protection Risk Management
CUNA Mutual [email protected]
800.356.2644, ext.6657561
59