Post on 13-Jan-2016
Audit Link Focus Group
November 5, 2010
Revised on November 5, 2010
Agenda
• Introduction and Formalities
• What Audit Link Does vs. What CU Does
• Wrap-up of 2010
– Findings, business status, etc.
• Plans for 2011
– Jim’s Dirty Dozen
– Compliance Outlook
• Audit Link Advisor Site
Joe Spenski – Audit Link Associate
• Bachelor’s Degree in Business Management
• 1 year Credit Union experience
• 1.5 years experience with CU*Base and Client Services
• Great attention to detail
• Strong desire to become current with all compliance issues
• Ext. 253 or Jspenski@xtendcu.com
Andrew VanDerSchaaf– Audit Link Associate
• Bachelor’s Degree in Accounting
– 9 Credit Hours in Forensic Accounting
• 4 Months Experience as a Bookkeeping Specialist
• 6 Months Experience as an Audit Link Associate
• Ext. 211 or Avanderschaaf@xtendcu.com
BSA
• What We Do…
• Review transactions and affiliated accounts
• Verify audit trackers
• What You Do….
• Add to audit trackers
• Submit SAR’s to Audit Link for review
• Flag and monitor High Risk accounts
• BSA/SAR Reports
Dormant Accounts
• Work dormant accounts on a regular basis, otherwise the Activity on Dormant Accounts report is inaccurate
• Do not delete accts from dormancy monitoring due to fees
• ACH postings are considered activity
Goals for Dormancy
• Survey your members
• Mitigate Risk
• Send no money to the State
File Maintenance
• Verify Changes
• Expect Impropriety
• New field changes
– PAYFRQ (Payment frequency)
– PAYMNT (Payment changes)
– DQCNTR (Delinquency control)
• - HBPIN (Home Banking Pin Disabled)
Teller Reversals
• What we are looking for
– Impropriety
– Coaching
– Possibly procedural changes
• What you should be doing
– Pulling receipts
Employee Audit
• What are we looking for
– Unusual transactions outside the norm
– Delinquency and negative balances
– File maintenance
– Transactions on own accounts
• What should you be doing
– Review highlighted accounts
– Annual and ongoing notifications to audit team of new accounts
Wire Transfer
• What we are looking for
– Complete address information
– Any large wires out of the norm
• What you should be doing
– Filling in missing data if needed
OFAC
• Follow Through on New Matches
• Real time and Batch scans are now exactly the same
• Will be updating OFAC scans to scan against Date of Birth
– Reduces suspect matches
Stale Dated Checks
• What we do
– List all stale dated checks
• What you should be doing
– Review all those listed on Run Sheet
Questions
Sample High-Risk Checking Accts
Sample High-Risk Transactions
Findings from daily Audit work• Washington (State)
– Money Store
• $90,400.00 deposits (Oct 2010)
• $76,200.00 Withdrawals (Oct 2010)
• Missouri
– Money Store
• $300,000.00 Deposits (Oct 2010)
• $302,018.00 Withdrawals (Oct 2010)
Findings from daily Audit work• BSA: 12,424
• Dormancy: 5,301
• Reversals: 8,289
• Wires: 1,022
• Employee Accts Reviewed: 4,222
• OFAC Scans Run: 434
• Stale Dated Checks: 449
• Reg D Transactions: 510
Software Developments
• Credit Card Act Statement Updates – Release 9.7, 10.0
• Wrong Address Flag Turns off Automatically – Release 10.0
• Reg. D Counter Warning for Phone Transfers – Release 10.0
• OFAC Changes – Release 10.0
• Reg. E Opt In/Opt Out – Release 10.1
• Reg. DD Disclosures on Statements – Release 10.1
Software Developments
• Reg. Z Statement Change – Release 10.2
• Enhancements to MFOEL – Release 10.2
• Reg. E Opt In/Opt Out Posting Program – July 7, 2010
• Opt In/Opt Out Notices – Release 10.3
• OFAC Enhancements – Release 10.3
Business Status
• 33 upfront contacts completed
– 21 on daily monitoring
• 4 additional clients reviewing contracts
• 8 additional credit unions expressed
interest
Findings of First Contacts
• Reg. Z
– Credit card disclosure
– Regulation Z - Farleigh Wada Witt
• Reg. DD
– Transaction descriptions for Federally chartered Credit unions
• Dormancy
• Employee security & segregation of duties
• Reg. CC disclosures
Audit Link in 2011
• Suspicious Activity Monitoring for 2011– Vilker’s Dirty Dozen
• Compliance Outlook for 2011
• New services from Audit Link
Vilker’s Dirty Dozen
• Excessive Abnormal Activity– ACH– Pay-Pal– Large withdrawals
w/corresponding deposits• Identity Theft
– Ex. Line of Credit loans/Visa
Vilker’s Dirty Dozen
• Check Kitting– Traditional check kitting– Excessive use of online banking
• OFAC scans: Corporate Drafts & A/P Vendor Names– Scan against SDN list
Vilker’s Dirty Dozen
• Detecting debit/credit card fraud– Compromised cards
• BSA – ATM Activity– All deposits/withdrawals made at
ATM
Vilker’s Dirty Dozen
• BSA – Joint Owner– Transactions involving multiple
accounts
• BSA – Layering – LOCs, wires, gift cards, or cash
Vilker’s Dirty Dozen
• Accounts with wrong address– Transactions on flagged accounts
• Critical field Monitoring– 15 critical fields
Vilker’s Dirty Dozen
• New Notice Events: Compliance Related– Dormant notices
• FinCen– Visually compare FinCen report
2011 Compliance Outlook
• Dodd – Frank• Privacy
– Model Privacy Notice from the FDIC
• RESPA• SAFE Act• FACT Act
Compliance Outlook Article
New Services from Audit Link
• BSA Audits
• Ad hoc
• ACH Audits
• Audit Link Lite
• Tune Up
• Concentration Risk
Audit Link on the Web
• Audit Link Advisor site
– http://Advisor.cuanswers.com/
Audit Link on the Web
• The addition of three new categories
– Best Practices
– Policy Sharing
– Regulation Interpretation
• New core compliance group
http://Advisor.cuanswers.com/