Compliance Automation at Harvard, Oklahoma CUs
Money from around the world pours into Harvard University, and into the accounts of members of Harvard University Employees Credit Union.
Ensuring that what moves in and out follows U.S. rules and regulations falls under Craig Leonard’s jurisdiction. The executive vice president and chief financial officer of the 30,000-member, $365 million credit union in Cambridge, Mass. is now using automation to help keep up.
For the past two years, Harvard University Employees CU has been a user of the AML Manager solution from Fiserv Inc., which is also the provider of the credit union’s Spectrum core processing system. The AML Manager operates as an anti-money laundering solution and also checks for other forms of potential fraud as it runs tests against transaction data, according to Leonard.
“We have a large population of international students. We also have professors getting grant money from around the world. It’s a very diverse and interesting membership,” Leonard said.
Harvard University Employees CU employs about 65 people and one of the staffers has the title of compliance and research representative. But what used to be a manual process deep in the back shop could no longer be handled by hand in the face of growing demands from the Patriot Act, the Bank Secrecy Act, Federal Financial Institutions Examination Council guidance and more, Leonard said.
“Prior to this implementation, one person could spend an entire day just going through a multitude of different reports. We’ve streamlined the process, essentially bringing all the information into just one core system and having it evaluated there,” Leonard said. “That allows me to use that person for more responsibilities than just BSA work.”
After getting through a learning curve, there’s been minimal updating required to work with AML Manager, Leonard said.
“We started more conservative and then asked Fiserv for best practices, and adjusted our parameters based on their advice and on the patterns we were seeing,” he said.
Regulator agency examiners have been satisfied with the results, Leonard noted.
“They look at you differently when you’re using a technology solution like this. They feel we’re doing our due diligence,” he said.
As another AML Manager user, the $428 million, 33,000-member Oklahoma Central Credit Union said it has already saved lost money and lost time through due diligence.
In the two years since the credit union, on the advice of auditors, automated its risk management processes, the AML Manager solution has helped thwart about 10 international lottery scams that could have resulted in large losses as criminals attempted to access members’ accounts, according to the Tulsa-based cooperative.
The system integrates to the credit union’s XP2 core platform and alerted managers in time to stop the heists. On a daily basis, it provides an audit trail that provides documentation of any suspected money laundering or similar nefarious activity, the credit union said.
“The real time reports alert our compliance department to potential activity that appears high risk in nature,” said Brynda Moss, BSA compliance manager at Oklahoma Central CU. “Obviously, these are just reports, so additional investigation is necessary, but if it’s determined to be a fraud then the attempt is thwarted, such as with stolen checks or lost debit cards.”
Proving compliance with managing risk also has become less cumbersome, Moss said.
“We were manually pulling reports and making determinations by reviewing histories,” Moss said. “Now we spend focused time on areas such as transaction monitoring to identify potential fraudulent activity instead of pulling reports and hunting for possible transactions that meet specific behavioral patterns.”
Transaction testing also allows Moss’ staff to review specific alerts under high risk areas such as wire transfers and cross-border transactions. She also used to have one person spend about half of each day manually looking through reports.
“Now that takes one person less than 25% of their day to look at exceptions and decide what to take action on,” she said.
Like Leonard, Moss said compliance demands helped drive her credit union’s decision to automate the process. In the mean time, regulatory changes kept coming. Just a few weeks ago, For instance, the FFIEC issued a sweeping update of its 2005 online banking and transaction guidance. The new guidelines aim to help vendors such as Fiserv, which now provides the AML Manager system to 85 credit unions. FFIEC compliance can be facilitated, especially in terms of better risk assessments and fraud awareness on the part of employees, the company said.
“We’re seeing increased demand for risk management tools like AML Manager, in part because examiners are expecting credit unions to demonstrate more consistent scrutiny of their transaction activity,” said Darris Edge, a consulting manager for risk and compliance with Fiserv.
“In many credit unions, risk is handled by various departments, making it difficult to gain a complete and holistic view,” he pointed out adding the AML Manager solution addresses this issue by providing “a holistic view of the member from a risk standpoint.”
Both Leonard and Moss also noted that the AML Manager is only part of their strategy for addressing risk as efficiently and compliantly as they can.
“AML Manager is one of the keys to our compliance program, especially in day to day monitoring of account transactions for BSA, kiting and fraudulent activity,” Moss said. “However, it’s not the only resource we use to manage and monitor compliance risk.”
Oklahoma Central CU’s compliance program includes risk assessments as new vendors are considered for the credit union, due diligence on new and existing vendors, and monitoring the latest regulatory rules, Moss said.
Leonard added that while compliance is “a necessary evil, you’ve got to take it seriously and keep up with it. We also engage some consultants to make sure we’re doing that, because it just seems like there’s always something new in the compliance world, that’s for sure.”