League InfoSight

North Carolina Credit Union League InfoSight Home » InfoSight eNewsletters » InfoSight eNewsletter Archive » InfoSight Newsletter, Vol 6, Issue 9 (3/2/12)

Security Channel Updated
The Security channel was recently reviewed and updated. As part of those updates, the FFIEC Online Banking Risk Assessment topic was added.

Credit unions and other financial institutions must maintain an ongoing information security risk assessment program that effectively:

Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements
Analyzes the probability and impact associated with the known threats and vulnerabilities to their assets
Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation

The FFIEC Online Banking Risk Assessment topic provides the information you need to maintain your information security risk assessment program, including related links for the following:

FFIEC Information Examiner Workbook
NCUA Letter 11-CU-09 - Online Member Authentication Guidance
Supplement to Authentication in an Internet Banking Environment

Treasury to Stop Paying Savings Bond Fees in April
Having discontinued over-the-counter sales of U.S. savings bonds earlier this year, the U.S. Treasury Department now has announced it will discontinue paying fees to credit unions, banks and all U.S. Savings Bond agents for redeeming savings bonds as of April 11. Treasury estimates that the move from paper to electronic bonds will save $70 million in taxpayer funds over five years.

Savings Bond agents are currently paid 30 cents for each redeemed savings bond they submit.

The Treasury is shifting redeemed bond processing from the EZ Clear Program to image-enabled bond processing on April 16, and the EZ Clear Program will be decommissioned following the transition, Treasury said.

Click here to read the Treasury release in its entirety.

Source: CUNA News Now

FinCEN Reports Going Paperless
In an effort to improve efficiency, reduce government and industry costs, and enhance the ability of investigators, analysts, and examiners to gain better and more timely access to important financial information, the Financial Crimes Enforcement Network (FinCEN) recently re-affirmed its requirement, with some extensions and exemptions allowed, that FinCEN reports be filed electronically, beginning on July 1, 2012.

Although almost all FinCEN reports fall within the E-Filing mandate, Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) are the primary focus of this initiative.

Additionally, FinCEN encourages individuals to E-File FBARs (Reports of Foreign Bank and Financial Accounts). However, the deadline for mandatory FBAR E-Filing is not until June 30, 2013, to allow time for practical adaptation and notice.

For technology-related questions specific to E-Filing, please call the BSA E-Filing Help desk at 1-866-346-9478, Option 1.

Source: FinCEN

Important Notice about Mandatory Electronic Filing of Reports to FinCEN
On February 23, 2012, the Financial Crimes Enforcement Network (FinCEN) announced that financial institutions must electronically file all reports except the Report of International Transportation of Currency or Monetary Instruments (CMIR) and the Report of Cash Payments Over $10,000 Received in a Trade or Business (Form 8300) by July 1, 2012. FinCEN had previously announced on December 20, 2011, that it was extending the deadline for financial institutions’ mandatory use of FinCEN’s new Currency Transaction Report (CTR) and Suspicious Activity Report (SAR) to March 31, 2013.

FinCEN will grant a very limited number of temporary exemptions to institutions that follow the below procedures and that demonstrate a substantial hardship in meeting the July 1, 2012, requirement.

Financial institutions must contact FinCEN by following the procedures set forth below in order to be considered for a temporary exemption from the requirement to file electronically from July 1, 2012.

FinCEN understands there are a limited number of small credit unions that do not have Internet connectivity within their financial institution. As a group, these credit unions file a minimum number of reports to FinCEN each year. These institutions may submit a hardship exemption request for additional accommodation to arrange for the electronic submission of reports to FinCEN. No temporary exemption granted to a credit union in this situation will extend beyond March 31, 2013.

How to Submit an Exemption Request
FinCEN requests, but does not require, that institutions use the template and submit the exemption request to ExemptionRequest@fincen.gov. Use of the template will enable faster processing by FinCEN of your exemption request.

Alternatively, institutions may mail exemption requests to: Attn: E-Filing Exemption Request, Financial Crimes Enforcement Network, Regulatory Policy and Programs Division, P.O. Box 39, Vienna, VA 22813. Please direct any questions regarding this notice to the Regulatory Helpline at (800) 949-2732.

Source: FinCEN

FTC Report Raises Privacy Questions about Mobile Applications for Children
Says Mobile Apps Offer Opportunities but Lack Information on Data Being Collected
The Federal Trade Commission recently issued a staff report showing the results of a survey of mobile apps for children. The survey shows that neither the app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared, or who will have access to it.

The report says the survey focused on the largest stores, the Apple App Store and the Android Market, and evaluated the types of apps offered to children, the disclosures provided to users, interactive features such as connectivity with social media, and the ratings and parental controls offered for such apps.

The report recommends:

All members of the "kids app ecosystem"—the stores, developers and third parties providing services—should play an active role in providing key information to parents.
App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.
App stores also should take responsibility for ensuring that parents have basic information. "As gatekeepers of the app marketplace, the app stores should do more." The report notes that the stores provide architecture for sharing pricing and category data, and should be able to provide a way for developers to provide information about their data collection and sharing practices.

The agency will host a public workshop in 2012, in connection with its efforts to update the FTC's "Dot Com Disclosure" guide, about how to provide effective online disclosures, including mobile privacy disclosures. The FTC, which enforces the Children's Online Privacy Protection Rule, is expected to conduct an additional review to determine whether certain mobile apps violate COPPA. The Rule requires operators of online services, including interactive mobile apps, to provide notice and get parental consent prior to collecting information from children under 13.

Source: FTC

Annual Escrow Statements and Bankruptcy
Q. One of our mortgage borrowers has gone into bankruptcy. Do we still have to provide an annual escrow account statement for this mortgage?

A. No. The RESPA Regulation (Reg X) includes an exemption from submitting annual escrow account statements in the case of default, foreclosure, or bankruptcy (§3500.17(i)(2)).

However, if the credit union does not issue an annual statement due to this exemption, and the loan subsequently is reinstated or otherwise becomes current, the credit union must provide a history of the account since the last annual statement (which may be longer than 1 year) within 90 days of the date the account became current.

Source: CUNA Compliance Blog