regulatory and compliance issues and considerations
regulatory and compliance issues and considerations
regulatory and compliance issues and considerations
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Procedures<br />
60. Training Policy See St<strong>and</strong>ard NCUA<br />
Bylaws – Article VI.<br />
Section 6.<br />
64. Vendor<br />
Management Policy<br />
<strong>and</strong> Procedures<br />
65. Vendor Risk<br />
Assessment<br />
General: See NCUA<br />
Letter Nos.: 00-FCU-<br />
11; 07-FCU-13; 01-<br />
FCU-20; <strong>and</strong> 08-FCU-<br />
09 03-FCU-06;<br />
02-FCU-13; Mortgage<br />
Brokers: 08-FCU-19<br />
Technology Vendors:<br />
02-FCU-13;<br />
Information System<br />
Service Providers 98-<br />
FCU-11; Brokers<br />
(Investments) See<br />
NCUA Letter No. 157<br />
Copyright©1994-2010 by Credit Union Resources & Educational Services, LLC. All rights reserved.<br />
Revised February 2010<br />
NA<br />
May address<br />
applicable provisions<br />
in depth via<br />
procedures vs. policy<br />
as long as in accord<br />
with what can be a<br />
very brief policy.<br />
Production of<br />
Information to avoid<br />
Privacy Violations in<br />
light of the many<br />
situations a Credit<br />
Union faces in this<br />
regard.<br />
We include this in the<br />
General Compliance<br />
Policy. See Above.<br />
This is incredibly<br />
important as Credit<br />
Union place<br />
themselves in<br />
significant peril by<br />
entering into contracts<br />
that do not address<br />
“before – during <strong>and</strong><br />
after.” From a legal<br />
<strong>and</strong> <strong>compliance</strong> point<br />
of view – this is an<br />
absolute must – with<br />
proper <strong>and</strong> intelligent /<br />
experienced legal due<br />
diligence-contract<br />
reviews upon which to<br />
negotiate <strong>and</strong> assess<br />
contractual<br />
relationships (what we<br />
refer to a the<br />
“prenuptial” in the<br />
contractual marriage).<br />
NCUA Supervisory Letter No.: 07-01: Third Party Vendor /<br />
Outsourcing: “Risk assessments for less complex third party<br />
arrangements may be part of a broader risk management program or<br />
documented in board minutes.” NCUA Letter to Credit Unions No. 08-<br />
FCU-09.<br />
NOTE A: Generally the policy should address the overall program or reference the program in a<br />
short policy. For the most part we address the details of BSA/AML in procedure, but recommend<br />
the policy refer to <strong>and</strong> incorporate approval of same. Also, be sure the appointment of the BSA<br />
Officer empowers the BSA Officer to delegate tasks/duties to others as this is common in the<br />
industry as long as the BSA Officer maintains oversight.<br />
NOTE B: Procedures will address the following<br />
NOTE C: The BSA/AML Manual (FFIEC) provides that it is “sound practice to update the risk<br />
assessment every 12-18 months” or as needed. This risk assessment <strong>and</strong> updates should be<br />
specifically documented <strong>and</strong> noted in the Board Minutes.<br />
NOTE D: See NCUA Letter to Credit Union No. 00-FCU-10 for Examination Procedure Summary.<br />
Also, Chapter 13 of the NCUA Field Examiner’s Guide Provides: “However, no requirement exists for a<br />
separate IRR (“interest rate risk”) or ALM policy independent of other policies, even for large, complex<br />
credit unions. Credit unions have the option of either creating a separate IRR or ALM policy or<br />
37