Many credit unions grappling with complex regulatory issues are relying on CUSOs to save time, money, and stress over ensuring their operations and policies follow the letter of the law. For this issue of CUSP, Callahan & Associates sat down with Lucy Ito, CEO of CURoots Cooperative; Todd Mason, COO of League InfoSight; and Jim Vilker, vice president of professional services at CU*Answers, for a roundtable discussion on how credit unions can leverage CUSO support to meet today’s new wave of compliance needs.
When should a credit union consider outsourcing compliance services to a CUSO?
Lucy Ito: Our user size ranges from $7 million in assets to $1.3 billion in assets, so that’s quite a range. We’ve generally found that credit unions with less than $100 million do not have a full-time compliance officer. In this case, [working with a CUSO] saves staff time.
Credit unions with more than $100 million might or might not have a full-time compliance officer. For larger institutions that don’t completely outsource to us, we supplement what they are doing.
But even large credit unions can use additional help, particularly in response to exam findings when they have a time window within which they need to respond. They call us to fill in for a temporary or a prolonged contract without having to hire another full-time individual.
Jim Vilker: I’m not aware of any CUSO that serves as the full compliance department for a credit union in the country. There are a lot of reasons for that. Credit unions are simply not allowed to subrogate the duties of an individual to a third party in areas such as the Bank Secrecy Act.
We come into play more in filling the gaps: daily work, employee reviews, file maintenance, policy adherence, internal policy development, and regulatory tracking. Our goal is to augment and round out a credit union’s compliance division. We have credit unions from $7 million in assets to almost $1 billion.
Click Here To View The CUSO Roundtable Participants
We’re aggregating our collective knowledge across the network so credit unions can communicate with one another and then fill the gaps. We do that because, from a cooperative principle standpoint, we guarantee the patronage of the individuals who are using us. This way we gain scale.
Todd Mason: Credit unions for the most part are taking a hybrid approach. They can never fully get away from having to do some compliance themselves.
Credit unions need to look outside their own four walls to get education they cannot do themselves. There are no other sources like leagues and CUNA to get education, whether it’s on BSA or whatever compliance issue. Leagues can go in and help credit unions specifically with their own compliance needs on an individual credit union basis.
What trends are you seeing in compliance demands right now?
LI: We are seeing continued burden on credit unions that are trying to catch up with, say, FAS and Reg D lending changes. With all the new regulations coming, this year loan modifications are a challenge area. There is a zero tolerance attitude on the part of examiners for repeat findings.
JV: The dramatic increase of regulatory changes that Dodd-Frank precipitated is troubling credit unions. The big ones, like Reg C and Reg E are behind us. It’s coming to the point where a credit union is supposed to read a 1,099-page document and then implement all the recommendations that are in it.
The dramatic increase of regulatory changes that Dodd-Frank precipitated is troubling credit unions.
Another thing, NCUA is conducting a lot of risk-based examinations. The expectation is that the credit union will have an enterprise risk management system focusing on those seven pillars of risk [editor’s note: credit, liquidity, operational, reputation, interest rate, strategic, and compliance]. For the past six months, that’s been one of our largest investments here in our queue. We are developing a full enterprise risk management guidance document. It will allow credit unions to push a button and literally say, “This is what credit risk looks like in our organization right now.”
LI: Enterprise risk management is also something we are developing to launch in 2013.
TM: The amount of regulation is not going to stop anytime soon. The level of complexity is not going to stop anytime soon. Systems and processes and technologies to help manage the flow are going to be increasingly important.
We might not always know what regulations are coming down the line, but we need to be flexible and nimble enough and have the right systems in place to manage whatever is coming. Technology is going to have an increasingly larger role in identifying where the risks are within a credit union. Technology enterprise — or risk management — systems designed specifically for compliance are going to be very important.
What are credit unions most concerned about for 2013?
JV: The remittance rule. My hope is we will find credit unions offering remittance services to other credit unions, and those credit unions offering it to other credit unions will have the capability to understand what that receipt needs to look like, understand what the upfront disclosure needs to look like, and then help other credit unions — potentially smaller credit unions — meet that.
Credit unions are also concerned about the changes NCUA promulgated through Part 741 as it relates to troubled debt and loan workouts. A lot of that change flew under the radar. There’s a lot of concern in the industry about that. But it hasn’t been taken to task in the field. It’s too new. And I think a lot of credit unions are wondering, “How do I actually do this?”
TM: I feel the same way. And I think what’s coming with the CFPB and Dodd-Frank are also going to be major concerns.
What should credit unions know when searching for an organization to assist them? What kind of questions should they be asking?
TM: That’s a good question. It starts with understanding their needs. To a degree, it’s Business 101. You’ve got to have a frame of reference of where your gaps are and where you need help filling them. Based on that, you’ve got to look at the level of depth and credibility of the individuals behind the CUSO. There are a number of CUSOs to choose from, but I think it’s important to understand who the principle players are and whether they have the experience that’s needed to take care of compliance needs.
LI: A couple things. We’ve found that many credit unions are leery of committing to one CUSO for an extended contract. So we launched a la carte specialty audit services. For credit unions, it seems to be beneficial to have the opportunity for a one-off trial, where they can do something small. They can break down their compliance challenges instead of trying to fight everything off at once. They can take the highest priority ones, and if they’re able to find a CUSO that gives them the opportunity to work just on one small project, then they can test whether that CUSO is a good match for their credit union.
I would stay away from the mentality of putting all of one’s CUSO-compliant service eggs in one basket. Credit unions have choices, and it might be that just one provider is not going to be the solution.
JV: Credit unions should make sure that whatever CUSO they’re considering has a community of professionals who are willing to share best practices and policies. That’s vital. They must have the capability to fill in the gaps, but because it is a CUSO and it is a co-op, they also have to have the ability to say, “We can build these business designs and we can build these models, but we can give them freely back to you if you ever want them back.” The CUSOs can fill a gap for a specific period of time, but they need to be willing to transfer the knowledge back into the credit union.
Want to learn more? Click on the articles in the Subscriber Package below for a deeper dive into Cooperative Solutions To Address Compliance Questions .