ARTICLE
Compliance Update with Amy K by Amy Kleinschmit, Chief Compliance Officer Cybersecurity Awareness Month October is Cybersecurity Awareness Month! Now in its 18th year, government agencies and private companies continue to raise awareness about the importance of cybersecurity, ensuring that all Americans have the resources they need to be safer and more secure online. The Cybersecurity & Infrastructure Security Agency (CISA) has a number of resources and is promoting the theme “Do Your Part. #BeCyberSmart” with the National Cyber Security Alliance (NCSA). The CISA resources include partner toolkit, tip sheets and even translated resources. This is an excellent time to spread awareness to both staff and your members. One of the CISA tips for week 1 reminds us that - Businesses face significant financial loss when a cyber-attack occurs. In 2020, a sharp increase was reported in cyberattacks that target businesses using stolen logins and passwords. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure. #BeCyberSmart to connect with confidence and support a culture of cybersecurity at your organization. The FBI also as a number of tips and resources to promote cybersecurity awareness month, which can be found here. Among them, the FBI’s Safe Online Surfing program is aimed at helping keep kids safe online. Cannabis eSchool For credit unions interested in learning more about providing financial services to the cannabis and hemp industry, be sure to check out the upcoming CUNA eSchool which will run November 12 to December 10. Topics will include Cannabis Banking 101; Anatomy of a compliance centric CRB deposit services program; HR related issues; and lending issues. Find additional information and registration here. Debt Collection Final Rule FAQs The Consumer Financial Protection Bureau (CFPB) issued frequently asked questions relating to its Debt Collection Final Rule that is set to take effect on November 30, 2021. These FAQs, along with the small entity compliance guide, can be found here. As a reminder - the Debt Collection Rule covers debt collectors and debts, as those terms are defined in the Fair Debt Collection Practices Act (FDCPA). Thus, the Rule does not alter which debt collectors and debts are covered under the FDCPA. For example, the Rule does not expand coverage to first-party debt collectors that are not debt collectors under the FDCPA. Therefore, an officer or employee of a creditor while the officer or employee that is collecting debts for the creditor in the creditor’s name, is excluded from the definition of “debt collector.” However, the term debt collector includes any creditor that, in the process of collecting its own debts, uses any name other than its own that would indicate that a third person is collecting or attempting to collect such debts. CU PolicyPro Updates The following policies have been updated/revised within CU Policy Pro. The redlined documents related to this update can be found in the Resources area of CU PolicyPro (under Content Update Archives > September 2021). Remember – updates are only made to the model policies. Credit unions should review these updates and tailor your adopted policies as necessary. A video tutorial that reviews the best practices for updating policies and provides tips for documenting the updates for auditing purposes is available on the Training Videos page of the Support area in CU PolicyPro. Policy 1515 – Families First Coronavirus Response Act (FFCRA) Policy. This policy was revised to reflect the extension of the availability of the FFCRA tax credits, as extended by the American Rescue Plan Act of 2021. If the Credit Union is not taking advantage of the tax credits, this policy can be retired. (Revision Recommended) Policy 2225 – Digital Banking. **Policy Name Change** This policy was revised to take into consideration the new guidance issued by the FFIEC related to “Guidance on Authentication and Access to Financial Institution Services and Systems.” Note: while a redlined version of this policy is provided, the changes are very extensive. Credit unions may find it easier to re-import the policy and re-customize it rather than using the redlined version. (Revision Recommended) Policy 4120 – Information Security. This policy was revised to take into consideration the new guidance issued by the FFIEC related to “Guidance on Authentication and Access to Financial Institution Services and Systems.”(Revision Recommended) 7250 – Truth-in-Lending Disclosure for Open-Ended Credit. This policy was reviewed and Section #2(D) was revised to provide clarity that when a consumer accesses a credit card application or solicitation electronically, the card issuer must provide the disclosures in electronic form in order to meet the requirement to provide disclosures in a timely manner on or with the application or solicitation. (Revision Recommended) 9120 – Fair Debt Collection Practices Act. This policy was completely rewritten to comply with the significant amendments to the Fair Debt Collection Practices Act that become effective on November 30, 2021. Note: while a redlined version of this policy is provided, the changes are very extensive. Credit unions may find it easier to re-import the policy and re-customize it rather than using the redlined version. (Revision Required for Credit Unions using this policy after November 30, 2021) 9600 – TCPA, JFPA and CAN-SPAM. **Policy Name Change** This policy was revised to include the provisions of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Additional definitions and clarity were added along with coverage and applicability of requirements for commercial email communications. (Revisions Recommended) As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.
Compliance Update with Amy K
by Amy Kleinschmit, Chief Compliance Officer
Cybersecurity Awareness Month
October is Cybersecurity Awareness Month! Now in its 18th year, government agencies and private companies continue to raise awareness about the importance of cybersecurity, ensuring that all Americans have the resources they need to be safer and more secure online. The Cybersecurity & Infrastructure Security Agency (CISA) has a number of resources and is promoting the theme “Do Your Part. #BeCyberSmart” with the National Cyber Security Alliance (NCSA). The CISA resources include partner toolkit, tip sheets and even translated resources.
This is an excellent time to spread awareness to both staff and your members.
One of the CISA tips for week 1 reminds us that - Businesses face significant financial loss when a cyber-attack occurs. In 2020, a sharp increase was reported in cyberattacks that target businesses using stolen logins and passwords. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure. #BeCyberSmart to connect with confidence and support a culture of cybersecurity at your organization.
The FBI also as a number of tips and resources to promote cybersecurity awareness month, which can be found here. Among them, the FBI’s Safe Online Surfing program is aimed at helping keep kids safe online.
Cannabis eSchool
For credit unions interested in learning more about providing financial services to the cannabis and hemp industry, be sure to check out the upcoming CUNA eSchool which will run November 12 to December 10. Topics will include Cannabis Banking 101; Anatomy of a compliance centric CRB deposit services program; HR related issues; and lending issues. Find additional information and registration here.
Debt Collection Final Rule FAQs
The Consumer Financial Protection Bureau (CFPB) issued frequently asked questions relating to its Debt Collection Final Rule that is set to take effect on November 30, 2021. These FAQs, along with the small entity compliance guide, can be found here.
As a reminder - the Debt Collection Rule covers debt collectors and debts, as those terms are defined in the Fair Debt Collection Practices Act (FDCPA). Thus, the Rule does not alter which debt collectors and debts are covered under the FDCPA. For example, the Rule does not expand coverage to first-party debt collectors that are not debt collectors under the FDCPA.
Therefore, an officer or employee of a creditor while the officer or employee that is collecting debts for the creditor in the creditor’s name, is excluded from the definition of “debt collector.” However, the term debt collector includes any creditor that, in the process of collecting its own debts, uses any name other than its own that would indicate that a third person is collecting or attempting to collect such debts.
CU PolicyPro Updates
The following policies have been updated/revised within CU Policy Pro. The redlined documents related to this update can be found in the Resources area of CU PolicyPro (under Content Update Archives > September 2021).
Remember – updates are only made to the model policies. Credit unions should review these updates and tailor your adopted policies as necessary. A video tutorial that reviews the best practices for updating policies and provides tips for documenting the updates for auditing purposes is available on the Training Videos page of the Support area in CU PolicyPro.
Policy 1515 – Families First Coronavirus Response Act (FFCRA) Policy. This policy was revised to reflect the extension of the availability of the FFCRA tax credits, as extended by the American Rescue Plan Act of 2021. If the Credit Union is not taking advantage of the tax credits, this policy can be retired. (Revision Recommended)
Policy 2225 – Digital Banking. **Policy Name Change** This policy was revised to take into consideration the new guidance issued by the FFIEC related to “Guidance on Authentication and Access to Financial Institution Services and Systems.” Note: while a redlined version of this policy is provided, the changes are very extensive. Credit unions may find it easier to re-import the policy and re-customize it rather than using the redlined version. (Revision Recommended)
Policy 4120 – Information Security. This policy was revised to take into consideration the new guidance issued by the FFIEC related to “Guidance on Authentication and Access to Financial Institution Services and Systems.”(Revision Recommended)
7250 – Truth-in-Lending Disclosure for Open-Ended Credit. This policy was reviewed and Section #2(D) was revised to provide clarity that when a consumer accesses a credit card application or solicitation electronically, the card issuer must provide the disclosures in electronic form in order to meet the requirement to provide disclosures in a timely manner on or with the application or solicitation. (Revision Recommended)
9120 – Fair Debt Collection Practices Act. This policy was completely rewritten to comply with the significant amendments to the Fair Debt Collection Practices Act that become effective on November 30, 2021. Note: while a redlined version of this policy is provided, the changes are very extensive. Credit unions may find it easier to re-import the policy and re-customize it rather than using the redlined version. (Revision Required for Credit Unions using this policy after November 30, 2021)
9600 – TCPA, JFPA and CAN-SPAM. **Policy Name Change** This policy was revised to include the provisions of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Additional definitions and clarity were added along with coverage and applicability of requirements for commercial email communications. (Revisions Recommended)
As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.