Like many of its small peers, Ohio HealthCare Federal Credit Union knows how expensive it can be to ensure that it is up to speed on being compliant with the litany of required regulations.
"It’s tough to say how much we spend each year but it can get very costly," said Bill Butler, president/CEO of the $45 million credit union in Dublin, Ohio.
On top of the costs, Butler said meeting compliance has also taken away work hours from staff who unfortunately have to push aside some of their other duties to devote endless time to keeping up with regulatory changes.
Frustrated with it all, Butler knew it was time for a change. The credit union recently moved in a new direction when it signed on with CU Rx, a newly launched risk management and compliance service credit union service organization based in Jackson, Mich. Ohio HealthCare is the CUSO’s first client.
CU Rx was formed through CP Financial Services LLC, an affiliate of the $339 million CP Federal Credit Union. The CUSO offers review and audit services for credit union risk management, fraud, compliance, and regulatory best practices.
Ohio HealthCare signed on for 100 hours consulting services as part of CU Rx’s risk management and compliance retainer program. The service assists in scrutinizing existing and new regulations to determine regulatory requirements and the compliance approach that best suits the credit union and its operations.
Butler said what sold him on CU Rx was the CUSO’s knowledge of the Ultradata core processing system. Ultradata is used by CP FCU, CU Rx’s parent company. Ohio HealthCare will work with the system through the CUSO’s risk management and compliance retainer program, said Bryanna Tapley, CU Rx’s vice president of sales and service.
Through the retainer program, the credit union receives a complimentary evaluation of their risk management and compliance needs. A tailored retainer option is then developed detailing a specific block of work time, from ten hours to one hundred hours for CU Rx to deliver the right mix of products, services, or training required for improvement. The program also provides a way to mitigate and manage risk by strengthening the CU’s compliance program, policies and controls while preparing for NCUA and state examinations, Tapley said.
Butler recalled an overdraft protection project last year that took six months to complete to make sure existing structures could accommodate any updates from another vendor it was working with. While the firm did a great job with overdraft protection securing a 92% opt-in ratio, Butler said getting to tools for regulations such as red flag, customer identification, Bank Secrecy Act and Office of Foreign Asset Control proved challenging because of some incompatibilities within the systems. Meeting suspicious activity reports and currency transaction reporting regulations are two of the biggest issues for the credit union.
"We literally had tools in place that we could not get to," Butler said.
Ohio Healthcare has used a CPA firm to conduct its audits. A recent ACH audit took two days and was quite expensive, Butler noted. He likes CU Rx’s retainer program because it can address the needs of a credit union with a smaller asset size.
"I honestly believe we’re getting a tailored retention option. Not to take a dig at my CPA firm, but some of the audit methodologies they used would fit a $450 million credit union," Butler said. "CU Rx came in and said there are some materiality thresholds that are not going to be the same. You have to take that into account when doing compliance."
The new alliance will certainly free up time for Ohio HealthCare’s chief financial officer, who is also the vice president of member services, and the assistant vice president of finance to devote their energies to others operational projects, Butler said. Both senior staffers were getting bogged down with compliance, he added. As a result, other areas of the credit union were losing value. To assist in keeping up, the two attend league functions and training sessions. The assistant vice president is a heavy reader of compliance blogs, Butler pointed out.
"These are talented individuals. I consider them to be the best of the brightest," Butler said. "But this was a decision I had to make. I had to mentally declare that we needed to do some things differently with compliance because it became very costly."
Partnering with a CUSO, Butler said the expenses will be less and there will be more offsets rather than savings. . He did not say how much Ohio HealthCare paid for CU Rx’s services but was sure the return on investment will be significant. Butler said he is confident that the credit union will gain efficiency right at the teller line.
It was important to align with an entity that was familiar with the workings of credit union, he added. Butler said he was aware of a few compliance CUSOs, CPA firms and examiners but what CU Rx brought to the table was a thorough understanding of the Ultradata system.
How the two came together is a true tale of collaboration. One of Ohio HealthCare’s staffers was attending an Ultradata networking group in Ohio. She happened to be sitting next to a staffer from CP FCU, CU Rx’s owner. In a side conversation, the person mentioned the compliance CUSO and how the credit union had experience using Ultradata. That talk led to a meeting between Tapley and Butler and the rest is history.
Ohio HealthCare officially signed on in mid-May. Since then, Butler said there has been a flurry of activity with policy reviews. He and his team will be meeting with CU Rx over the course of July to move to the next phases.
Tapley said CU Rx recently signed on two more credit unions. Paying the expenses to ensure compliance continues to be a problem for many smaller cooperatives, she reiterated. So far, the smallest she has talked to had $13 million in assets; the largest was $200 million. While the CUSO is seeing most interest from those under $50 million, Tapley said CU Rx is open to working with credit unions of all sizes.
"I have told my board how stressful it is to deal with the changes," Butler said. "Rather than moan and groan about it, we wanted to make [compliance] a core competency and incorporate it into our daily business."