Compliance Blog

Apr 30, 2010

Copiers and Part 748; FFIEC BSA Manual; NCUA Board Recap

Posted by Anthony Demangone


CBS news has done a wonderful job of increasing my blood pressure.  It isn't their fault, mind you.  They tell the news - they don't make it.

CBS has highlighted a major security issue that involves copiers.  Yes, copiers.  See their video story here. They have an old-fashioned, print version as well.  

In short, CBS points out that modern copiers have hard drives that store digital versions of the copies the machine creates.  If you make a copy of your federal tax return, the copier will store a digital version on its hard drive.  The CBS video takes you to a warehouse in New Jersey where thousands of used copiers are stored.  Many of those copiers still contain digital versions of all the copies the original owner made.

For credit unions, that is bad news.  Think about the copies your credit union makes.  Or better yet, think of all the copies your credit union made during the past five years. Are they sitting in a warehouse?

Why is this a compliance issue?  Part 748 of NCUA's regulations, that's why.   We must protect member data from unauthorized access.  Also, there's Part 717, which includes the Identity Theft Red Flags regulation. 

Here's what I would do:
  1. I'd inventory each copier your credit union owns.  Then contact the service provider or read the owner's manual to see if it stores all of its copies digitally. 
  2. If the copier does store all of the copies digitally, I'd want to know my options. First, do you need that function?  In my 6 years at NAFCU, I never needed to retrieve a copy from a copier's hard drive.  If your credit union doesn't need that function, see if you can turn it off.  If you do need that function, find out how you can periodically purge that data.  I mean really purge it - so that an identity thief with hi-tech capabilities can't recover your member data.  (I mention this because I watch NCIS.  The characters on that wonderful TV series always retrieve data from computers after the criminal du jour thought he had wiped the hard drive clean.)
  3. What happened to your old copiers?  When you replace an old copier, do you have procedures to clean its hard drive?   Or does your servicing company do this?
  4. Here's the tough question - if you can't answer question three in the affirmative, would you be able to track down old copiers?  Perhaps the company that services your copiers can help you.
  5. Why stop at copiers?  You have fax machines.  Computers, both of the desk and lap varieties.  Do you give them away to staff or trade them in?  Either way, are those hard drives clean?
***

RESPA changed. Reg Z changed.  And changed.  And then changed again. Reg E changed as well.  So why not BSA?  Yesterday, the FFIEC announced that it has updated its BSA manual.  Details to follow!

***

In yesterday's NCUA Board meeting, the Board approved a very interesting proposal.

Proposed Rule – Section 701.21(c) of NCUA’s Rules and Regulations, Short-term, Small-dollar Loans

The proposed rule would amend NCUA’s general lending rule to enable more federal credit unions to offer short-term, small amount loans.  This amendment would allow federal credit unions to charge an APR of 28 percent, which is higher than the maximum APR permitted under the general lending rule.  (The proposal details how NCUA can do this legally, under the Federal Credit Union Act.) Additionally, credit unions would be able to charge a maximum application fee of $20.  The proposed rule also identifies “best practices” federal credit unions should incorporate into their individual short term, small amount lending programs.

The proposal sets a minimum maturity of one month and a maximum maturity of six months for these loans.  The loans must be for at least $200 and no more than $1,000.  Credit unions may only make one such loan at a time to a member and no more than three loans in a six month period may be made to the same member.  Further, the rule prohibits credit unions from rolling over the loan.  In order to ensure the loans do not threaten safety and soundness, credit unions would be required to include in their written lending policies a cap on both the total number and total dollar amount of STS loans.

The proposed rule will be published in the Federal Register with a 60-day comment period.

Note: NCUA did other stuff as well, so take a look at the agenda for all the lovely details.