Whistleblowing and Fraud Prevention; New HMDA Resources Available from the CFPB
Written by Elizabeth M. Young LaBerge, Senior Regulatory Compliance Counsel
The NAFCU Compliance Team has seen an uptick in questions about various internal fraud prevention issues, like whistle blower information, fraud policies and NCUA's Fraud Hotline. This isn't necessarily surprising since NCUA indicated that internal controls and fraud prevention are one of their primary areas of supervisory focus in 2017.
Section 1790b of the Federal Credit Union Act has a provision protecting whistleblowing employees against retaliation:
§1790b. §213
Credit union employee protection remedy.
(a) In general.
(1) Employees of credit unions. No insured credit union may discharge or otherwise discriminate against any employee with respect to compensation, terms, conditions, or privileges of employment because the employee (or any person acting pursuant to the request of the employee) provided information to the [NCUA] Board or the Attorney General regarding any possible violation of any law or regulation by the credit union or any director, officer, or employee of the credit union. FCU Act, section 1790b(a)(1) (Emphasis and clarification added).
Some laws, like the Sarbanes-Oxley Act which applies to publicly traded companies, require a hotline be available for whistleblowing purposes. NCUA does not have a provision explicitly requiring that credit unions make a hotline available for whistleblower employees. NCUA has established a Fraud Hotline for the reporting of suspicious or illegal activity directly to NCUA. Reports are confidential and can be anonymous.
While there may not be federal regulation from NCUA requiring credit unions to make a hotline available or post information about NCUA's Fraud Hotline, many credit unions internal policies and procedures, such as the Fraud Policy, may contain requirements to do so. These policy requirements implement the FCU Act's provisions and mitigate risk by facilitating or encouraging employees to report illegal acts or internal fraud. Lastly, there may be state law or human resource management requirements that might require a whistleblower policy or the availability of a hotline for reporting insider abuse.
NCUA does require that credit union management develop and implement a fraud policy. Chapter 14 of the NCUA's Examiner's Guide states "[t]he board of directors should adopt the policy and require that staff given written acknowledgement of receiving and reviewing that policy". See, page 14-5. In the AIRES Examination Questionnaire on Red Flags, the failure to have a fraud policy is considered an indication of a material weakness in internal controls. NCUA recommends that credit unions require employees to review and acknowledge the Fraud Policy on an annual basis. See, NCUA's Help Deter, Detect and Report Insider Fraud website. Further, a Fraud Policy may be required to obtain fidelity bond coverage for the credit union.
For more information on internal controls and fraud prevention, see the below resources:
- NCUA's IRPS 87-1 regarding the Bank Bribery Act and codes of ethics
- Federal Credit Union Act
- AIRES Examination Questionnaires on Red Flags and Internal Controls Management
- NCUA's Fraud Prevention Center website
- The Supervisory Committee Guide for Federal Credit Unions, Chapter 22
- NCUA Examiner's Guide
- Chapter 14, Fraud and Forgery and Internal Control Structure sections, p. 14-5
- Chapter 7, Conflicts of Interest section, p. 7-24
- NCUA's Help Deter, Detect and Report Insider Fraud website
- The NCUA Fraud Hotline website
- NCUA's Fraud Series video series
- NAFCU Compliance Blog Post - Safeguarding Against Insider Fraud
- FFIEC's BSA/AML Examination Manual, Suspicious Activity Reporting-Overview
New HMDA Resources Available from the CFPB
Earlier this month, the CFPB issued some additional resources on new HMDA, including a webinar discussing data points and a chart illustrating options for collection and reporting. These new resources can be found on the CFPB's HMDA Rule Implementation webpage. For more information about HMDA compliance under the new rule, see NAFCU's HMDA Compliance webpage.