National Credit Union Administration (NCUA)
NCUA Opening 2024 CDRLF Grant Round May 1
The NCUA announced that low-income-designated credit unions can apply for the 2024 Community Development Revolving Loan Fund grants between May 1 and July 1.
The 2024 CDRLF grant round is open to credit unions with a low-income designation. Minority depository institution credit unions are not eligible for funding in this year’s grant round if they do not have the low-income designation.
The agency will administer more than $3.4 million in CDRLF grants to the most qualified applicants, subject to the availability of funds, and will host a webinar in May to explain the grants process. Grants will be awarded in five categories and one pilot initiative:
Underserved Outreach (maximum award of $50,000) — Helping credit unions expand access to underserved communities and improve the financial well-being of their members.
MDI Capacity Building (maximum award of $50,000) — Preserving MDI credit unions and increasing their ability to thrive and serve minority populations.
Consumer Financial Protection (maximum award of $10,000) — Ensuring credit unions have the resources and expertise to protect credit union members and consumers, raise awareness of potential frauds, and facilitate access to fair and affordable financial services.
Digital Services and Cybersecurity (maximum award of $10,000) — Helping credit unions to modernize information and security systems to better protect themselves and members from cyberattacks.
Training (maximum award of $5,000) — Strengthening credit unions through succession planning, leadership development, and staff education.
Impact Through Innovation (maximum award of $100,000) — Providing Phase II funding for this pilot initiative to credit unions that received Phase I grants in 2023.
___________________________________________________________________________________
Consumer Financial Protection Bureau (CFPB)
CFPB Report Identifies Financial and Privacy Risks to Consumers in Video Gaming Marketplaces
The CFPB issued a report which examines the growth of financial transactions in online video games and virtual worlds. These platforms increasingly resemble traditional banking and payment systems that facilitate the storage and exchange of billions of dollars in assets, including virtual currencies. However, consumers report being harmed by scams or theft on gaming platforms and not receiving the protections they would expect under federal law.
The report identifies several trends and risks associated with gaming assets, including:
Gaming products and services resemble conventional financial products: Games and virtual worlds enable players to store and transfer valuable assets, including in-game currencies and virtual items such as cosmetic skins or collectibles. For example, the largest reported sale of a cosmetic skin was for $500,000. Games and virtual worlds act as a real-world marketplace that enables players to store and transfer valuable assets. To leverage that value, gaming companies have begun incorporating financial products and services such as proprietary payment processors and
money transmitters.
Gaming companies provide little customer support when consumers experience financial harm: The increased value of in-game assets has fueled a rise in scams, phishing attempts, and account thefts. Attackers use phishing tactics or compromised user credentials to break into accounts and access game currency or virtual items, and then sell these assets off the platform for other currency. Consumers report having little recourse with gaming companies when they suffer losses, and game publishers claim to have no obligation to compensate the players for financial losses,
including when service to a game is suspended or a consumer’s account is closed.
Gaming companies are assembling gamers’ personal and behavioral data: Publishers are collecting large amounts of data on players, including behavioral details such as financial data, purchasing history and spending thresholds. Gaming platforms can also track players’ location data, which can generate an accurate portrait of a player’s daily routines, such as their home address, places of employment or worship, and health and medical status. And with the advent of virtual- and mixed-reality gaming, the information gathered by headsets may include biometric
data such as iris scans, eye movement, pupil response, and gait analysis, which may pose medical privacy risks.
CFPB Finds Americans are Paying Upfront Fees Seeking to Lower Interest Rates on Mortgages
The CFPB issued a report which shows that more borrowers paid “discount points” upfront as overall interest rates rose. The percentage of homebuyers paying discount points roughly doubled from 2021 to 2023. The increase was even greater among borrowers with lower credit scores. While discount points may provide advantages to some borrowers, the financial tradeoffs are complex.
CFPB Supervisory Highlight Finds Violations of Credit Report Accuracy Requirements, Including for Survivors of Human Trafficking
The CFPB published the 32nd edition of Supervisory Highlights which covers select examinations in connection with credit reporting and furnishing completed from April 1, 2023, through December 31, 2023.
Key findings in the report include:
Consumer reporting companies failed to block or remove information related to identity theft and human trafficking: Examiners found that companies refused to honor consumer requests to block information associated with identity theft based on overbroad criteria; failed to inform consumers when blocks were denied or rescinded; failed to provide victims of identity theft with summaries of rights; and failed to timely block all information resulting from human trafficking identified by consumers.
Consumer reporting companies accepted information from unreliable furnishers: Examiners found companies accepted information from furnishers that may have been no longer providing reliable, verifiable information about consumers. For example, consumer reporting companies continued to include information from furnishers that failed to respond to all or nearly all disputes or that issued the same responses to all disputes.
Furnishers provided information to consumer reporting companies they knew was false: Examiners found that auto loan furnishers continued to share incomplete or inaccurate information for several months or even years after learning the information was false, incomplete, or inaccurate. In other instances, furnishers provided information even after they determined the information was fraudulent or due to identity theft.
Furnishers did not follow requirements for dispute investigations and identity theft: Examiners found that some furnishers continued to furnish information that consumers were disputing without indicating the information was in dispute. In other instances, furnishers failed to conduct investigations into the accuracy of information consumers disputed.
____________________________________________________________________________________
Consumer Compliance Outlook: First Issue 2024
Compliance Spotlight: Resources to Combat Increased Check Fraud
The Federal Reserve recognizes that check fraud is a top concern for financial institutions. In 2023, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) noted that financial institutions reported 680,000 suspicious activity reports for possible check fraud in 2022, a significant increase from 2021. While the Federal Reserve actively monitors trends in check fraud, it generally does not intervene in fraud disputes between banks, including banks over which it may not be the primary federal banking regulator. The Federal Reserve is sharing resources and sound practices to help financial institutions respond to check fraud.
___________________________________________________________________________________
Washington State Department of Financial Institutions Division of Credit Unions (DCU)
Succession Planning
The DCU issued DCU Bulletin B-24-02 to highlight the importance for credit unions to focus on succession planning. During recent examinations, examiners are identifying more credit unions with staffing shortages in key management positions because of planned retirements and an active job market. While it has always been important for credit union Boards of Directors and management teams to plan for the potential departure of Chief Executive Officers (CEOs), it is increasingly important to identify and plan for the potential departure of other key management positions.
|
League InfoSight Highlight: Regulatory Spotlight - Controls Testing
Over the last year, we have been seeing an examiner focus on “Controls Testing” – a term that has caused some confusion and stress in our credit union community. This Spotlight article is aimed at demystifying the term and providing context about what it is, why it is important, and how Recovery Pro helps support the Controls Testing process.
Controls Testing
Controls Testing is a component of the Validation and Maintenance portion of your Business Continuity Planning effort but is not exclusive to it. For example, if you have a Clean Desk Policy (which is a Control) to protect sensitive/confidential data and you periodically do a walk-around clean desk check – that is a Controls Test.
In the Business Continuity world, there are a number of Controls Tests you likely already do but that you do not always associate with Business Continuity Testing. Examples include:
Brainstorming with your team (especially your Facilities team) is an excellent way to identify and capture these.
The Risk Assessment
More controls will be discovered in your Risk Assessment (another Recovery Pro component) because Mitigation Factors you identify that help reduce the risk of the various threats identified in your Risk Assessment are Controls.
Let’s use the Fire threat from a sample Risk Assessment as an example. In the Mitigation Factors (Controls) in place, the credit union sampled included the following:
“The HQ facility is equipped with fire sprinklers, fire extinguishers (Type-based on the nature of each space), IT spaces are equipped with fire suppression systems, HVAC have sensors and dampers to automatically restrict or stop airflow to affected areas. Fire alarm systems will alert the monitoring company, who will notify the fire department. Sites are also equipped with dedicated lines for calling out to 911. Evacuation plans are in place for all locations. Site maps with evacuation routes are posted throughout the facility and rally points are identified for all locations.”
All of the listed items in Red are Controls. Are they tested regularly? If not, could they be? These, along with Mitigation Factors from other Threats in your Risk Assessment, can be added to your Controls Inventory and your Controls Testing plans.
We hope this helps you understand the concept of Controls Testing, why it is important, and how you can utilize the tools in Recovery Pro to help you identify and develop your Controls Testing plans.
Bill Ashland,
AVP of Business Continuity Planning, Synergent
|
