we care buiding best practices

CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group

CUP-CARE4CUS-0912

Building Best Practices

We Care for Credit Unions Workshop

2

Agenda Items

• Internal Controls

• Record Keeping

• Robbery

• Fraudulent Deposit and Forgery or Alterations

3

Internal Controls

4

Internal Controls Overview

• Establish safety and soundness

• Protect assets in order to produce reliable financial statements and comply with the laws

• Follow Best Practices

5

Internal Controls - Overview

Areas of Internal Threat

• Check deposits/cash• Loans• Employee/family member accounts• Dormant/closed accounts• Reconciliation of accounts• GL accounts • Expenses

6

Internal Controls

Assets that need to be secured:• Cash• Deposits• Checks, on-us and off-us • Raffle tickets/amusement park tickets

Types of security:• Safe/Vaults • Keys/Combinations• Storing of keys - after hours - employee take them home• Spare key - additional employee or volunteer • Dual Control over the safe/vault

7

Internal Controls

Night Depository/Drop Box Considerations:

• Key or combination box or safe– Fish and trap resistant

• Dual Control when opening the box and deposits• Logging/recording all deposits/payments

8

Internal Controls

Mitigation Techniques:

• Daily balancing• Accountability• Establish policies and procedures• Surprise cash counts• Dual Controls over cash and night deposit• Audit all cash

– Including raffle tickets/amusement park tickets/deposits

9

Internal Controls

Loans - Credit Union’s Largest Asset

Mitigation Techniques:• Fictitious/unauthorized loans

– Select sample loans from each loan officer– Test legitimacy of loan - call or mail member

• Look for paid ahead loans• Watch for high amount of interest due but loan is current• Original loan amount is similar to current loan amount• Report Reviews• Segregation of loan duties• Loan approval is not exceeded as stated in loan policy

10

Internal Controls

Employee and Family Member Accounts

The account review should confirm the following:

• Employees are not performing transactions– on their own accounts– family member accounts– individuals living at the same address as employees

• Loan payments are made in the proper amount and frequency• Collateral requirements are met and documentation available• Perform a review of override reports and file maintenance reports

11

Internal Controls - Financial

Reconciliation of Accounts/Cash Letter Deposits

Reconciliation can be used to conceal a shortage and cash letter deposits can be manipulated.

Mitigation techniques:

• Review bank reconciliation to ensure deposits are posted on the next months statement timely • Watch for returned items - this may be a sign of kiting• Are additions and subtractions being resolved in a timely manner• Separation of duties of reconciling accounts and cash letter

12

Internal Controls

Dormant/Closed Accounts

Frequently used to perform unauthorized transactions

Mitigation Techniques:

• Establish procedures to verify transactions• Review Dormant/Closed account reports• Contact member to confirm transaction if something appears

suspicious

13

Supervisory Committee Role

Main Role and Objectives:

• Meet financial reporting objectives• Safeguard member’s assets

How to meet these objectives:

• Establish and enforce internal controls• Financial records are reported accurately and promptly• Establish internal audits• Establish and enforce policies that safeguard member’s

assets from errors, fraud or conflicts of interest

14

Supervisory Committee Role

Duties include:

• Establish and enforce policies• Review of nonfinancial Transaction Reports• Require segregation of duties• Surprise cash counts• Audit employee and family member transactions• Confirmation of member loans• Review and oversight of expenses

15

Internal Controls

Questions?

16

Robbery

17

Robbery

• Can not be stopped• But can be deterred• Employee safety is top priority

18

Robbery

Main objectives of robbery procedures should:

• Prevent harm to members and employees by establishing sound practices to follow before, during, and after a robbery

• To get the robbers out of the financial institution as quickly as possible without causing panic, and with minimal cash losses

• To assist law enforcement in identification of the robbers

19

Robbery - Before

Opening Procedures• External and internal inspections of the credit union

location to identify any irregularities that may exist, and could signal possible danger.

• All windows and doors should be inspected from the outside for evidence of tampering before entering.

• If evidence is found, entry should not be made. Go to nearest phone while keeping credit union in sight (if possible) and contact the authorities. – Do not make any phone calls from the credit union parking lot, or

near entry doors

20

Robbery - Before

Opening Procedures - Continued

• After outside inspection is completed and all entry ways examined, enter the credit union. Make sure all doors are locked immediately upon entering.

• After the interior of credit union has been searched and nothing unusual found, the alarm should be disabled. – In the event the employee is forced to open, or encounters a threat

once inside the branch, the alarm pad should be equipped with an ambush/distress code

21

Robbery - Before


• Then consider the use of one or two types of an “All Clear Signal”

– Visual - Allows other employees or designated individual who arrive after first employee to know that the employee has entered safely, and the branch is safe to enter.

– Verbal - Allows an employee or designated individual to call, or be called by the employee opening the branch to let them know they have entered safely, and the branch is safe to enter.

22

Robbery - Before


• Other employees or designated individuals should know and look for these signals prior to entering the building.

– If signal is not displayed, or verbal cue not made, the other employees or designated individual should go to nearest safe phone and call the office or law enforcement. This should be an agreed upon practice prior to opening each morning.

23

Robbery - Before

Teller/Work Areas

• Keep neat and clear• No potential weapons• Secure cash deliveries and deposits• Only count cash out of view• Mindful of wearing expensive jewelry • Keep cell phones or other personal technology devices off

workstations

24

Robbery - Before

Awareness is Essential

• Be alert and report any suspicious individuals• Greet all strangers• Request removal of dark glasses and hats• Consider requesting members not use cell phones

25

Robbery - Before

Confidentiality

• Never discuss work procedures– Opening Procedures – Cash on hand– Cash delivery schedules or procedures– Security equipment– Employee scheduling

Refrain from posting updates to social media while working alone.

26

Robbery - During

Remain calm - don’t be a hero

• Follow instructions exactly, nothing more, nothing less• No sudden moves• Explain every move you make• Avoid eye contact

27

Robbery - During

Be observant - very important to be a good witness

• Height and weight• Eye and hair color• Clothing, build, accent• Right or left handed• Type of weapon

28

Robbery - During

• Include the bait money–Should be easily incorporated with regular teller cash

• Activate the alarm–When to activate should be discussed prior to robbery

occurring

29

Robbery - After

• Lock all perimeter doors• Contact Law Enforcement• Note the direction and means of escape• Secure any remaining currency• Safeguard any evidence for the police• Ask any members to remain inside the credit union

• Do not attempt to follow the robber

30

Robbery - After

• Address the needs of employees and members• Provide water

–Do not give caffeine or alcohol• Do not leave unattended

–Call family–Escort home

• Provide victim assistance information

31

Robbery

Questions?

32

Records Management

33

Records Management

• Assess

• Collect

• Store

34

Assess

Types of documents collected

• Loan applications• Deposit slips• Check deposit• Loan payments• Membership / signature cards

35

Collect

• Determine which documents to keep• Retention of documents - have a tickler file• Proper disposal of confidential documents• Disclosure of nonpublic personal information

36

Store

• Safeguarding important / confidential documents• Clean desk policy• Locking storage files• Essential documents needed in case of disaster• Type of storage container - Fire resistant safes / filing cabinets

37

Records Management

Questions?

38

Fraudulent Deposit and Forgery

39


Reasons check fraudis still problem:

• Availability of high-quality / low cost technology• Increased access to consumer information• Effects of Federal Reserve Regulation CC (Reg CC)• More organized and sophisticated crime groups• Increased focus on member service• Employee turnover

40


Forms of Check Fraud

• Counterfeit checks• Forged checks

– Drawer signatures– Endorsements

• Altered checks

41


Counterfeit ChecksCounterfeit Checks and Technology

• Check printing software• Scanners and color copy machines• Historically, business checks have been the most

common form of counterfeit• Today’s problem is counterfeit cashier’s checks

42

Personal check MICR line:• Routing number of paying institution• Account number• Check number

Business check MICR line:• Check number• Routing number of paying institution• Account number

The Basics – Personal vs. Business Checks


43

Routing Number Basics• Nine digit number between colon brackets in the Magnetic

Ink Character Recognition (MICR) line– Identifies the paying financial institution


44

Telltale Signs of Counterfeit Checks

• Location of paying financial institution does not correspond to the Federal Reserve District for that institution

• Lack of or incorrect fractional routing number– Fractional routing number in upper right hand corner of check– Bears a direct relationship with routing number in MICR line


45


Fractional routing number: xx-yyyy/zzzz• ‘xx’ in the numerator represents the city/region where the paying

financial institution is located.

• ‘yyyy’ in the numerator is the Institution Identifier and should match the 5th through 8th digits of the routing number in the MICR line.

• ‘zzzz’ in the denominator should match the first four digits of the routing number in the MICR line.

• Leading zeroes in the MICR line are dropped for the fractional routing number.

Telltale Signs of Counterfeit Checks - continued

46

• First two digits represent the Federal Reserve District where paying financial institution is located

Location

Fed District #

Banks CU’s & Thrifts

BostonNew YorkPhiladelphiaClevelandRichmondAtlantaChicagoSt. LouisMinneapolisKansas CityDallasSan Francisco

010203040506070809101112

212223242526272829303132

Federal Reserve District Map


Routing Number Basics

http://www.frbsf.org/

http://www.minneapolisfed.org/

http://www.kansascityfed.org/

http://www.dallasfed.org/

http://www.stlouisfed.org/

http://www.chicagofed.org/

http://www.clevelandfed.org/

http://www.frbatlanta.org/

http://www.rich.frb.org/

http://www.federalreserve.gov/

http://www.phil.frb.org/

http://www.newyorkfed.org/

http://www.bos.frb.org/

47


Fractional Routing Number: 70-5678/734• 70 = Region code• 5678 = 5th through 8th digits of routing number• 734 = First four digits of routing number• Leading 0’s are dropped for the fraction


48

Counterfeit Check Example

Check number in MICR line does not agree with check number in upper right hand cornerRouting number: :111000753:Fractional routing number: 32-76/1110The fractional routing number is incorrect. It should be 32-75/1110

MICR Line: 393177 = Check number; :111000753: = Routing number; Account number


49

Counterfeit Check Example

93-516 / 939

Routing # :092905168:Fractional Routing #: 93-516/939The fractional routing # is incorrect. The denominator should be 929


50


• Lack of perforations• Mistakes

– Misspelled preprinted words– Check number in MICR line does not match check number in upper

right hand corner– Missing or incorrect fractional routing number

• Color smudges• Glossy and slightly raised MICR line


51

Forged Checks – Drawer’s Signature

• Stolen blank checks

• Drawn on the credit union (e.g., member share drafts) or another financial institution

• Thief forges drawer’s signature


52

Altered Checks

• Unauthorized changes to check– Dollar amount– Payee

• Chemical alterations (check washing)– Wash dollar amount (courtesy and legal amount) and payee– Fill in the blanks

• Write-over’s• Add a second payee


53

Telltale Signs of Altered Checks

• Cloudy or bleached areas on the check

• Erasure marks• Different handwriting

styles• Inconsistent or irregular

printing• Payees / dollar amounts

don’t line up• Write over’s


54

Check Fraud - New Account Fraud

• Criminals often target credit unions with community charters

• Often involves identity theft– Fraudster joins credit union under someone else’s name and Social

Security Number– Account opened with fake ID

• Opened with good money• Negotiates fraudulent checks within 6 to 12 months of

account opening• May apply for a loan rather than pass fraudulent checks


55

Check Fraud - New Account Fraud Controls

• Verify eligibility• Verify identity

– Government issued photo ID and identity verification service– Be alert for counterfeit ID’s

• ChexSytems inquiry or evaluate creditworthiness to qualify new members for: – Checking accounts – ATM / debit cards– Shared branch access


56

Check Fraud New Account Fraud – Check Holds• Most fraudulent deposit schemes are perpetrated on new

accounts within the first 6 to 12 months• Focus check holds on newer accounts for the first 6

months or until account becomes established• Use holds up to the limits allowed by Reg CC including

extended holds during 1st 30 days• Use longer holds on deposits to savings accounts

– Subject to state law– Subject to Regulation D’s transfer limitations for savings accounts


57

Questions?


CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group

CUP-CARE4CUS-0912

Thank YouCarlos Molina, Risk Management Consultant

Credit Union Protection Risk ManagementCUNA Mutual Group

[email protected], ext. 6655096

Holly Spiczenski, Risk Management AnalystCredit Union Protection Risk Management

CUNA Mutual [email protected]

800.356.2644, ext.6657561

mailto:[email protected]

mailto:[email protected]

we care buiding best practices

Documents