COLUMBIA, S.C. – Ready or not, the USA PATRIOT Act's Section 326 deadline for creation of a Customer Identification Program will be here soon – Oct. 1 – and credit unions will need to be able to prove they're in compliance. At the heart of all that is keeping track of reams of member data, so technology will have to play its part. But just how much and who depends on who you ask. For instance, NCUA has no authority to regulate vendors, so credit unions themselves will have to document that their service providers are in compliance. And credit unions will need to learn how to verify the authenticity of documents they don't typically handle, as well as how to authenticate online applicants. Michael Ivezic, director of internal audit services at Wescom Credit Union says he feels that the technological challenges will be fairly limited. While Wescom can't speak for the credit unions it serves (NCUA puts the onus on the credit union themselves), its Wescom Resources Group and Wescom IDS operations have already implemented several products to help those CUs on its service bureau core processing system comply. As for $2.4 billion Wescom and its 200,000-plus members itself, Ivezic says, "We feel we already are in compliance. The one item that may need to be finalized is approval of our CIP by the board of directors. However, this is more of a formality and will not entail any major new changes or additions to our existing procedures." He sees companies like Primary Payment Systems and eFunds (identity and check fraud solutions), Bridger Systems and others benefiting from a niche market for their services. Some believe however that software specific to compliance won't be the focus at first, and certainly won't be a problem to get down the line. Jim Morrell, vice president of IS at Clark County Schools Employees Credit Union in Vancouver, Wash., as well as chairman of the CUNA Technology Council, feels the technological challenges at his $250 million institution will be fairly limited. "We will incorporate a couple of additional fields within our account opening process that indicate that we verified an approved identification," he says, noting that it will be part of an already planned overhaul of its account opening procedures. The work will be done internally on the CU's Episys core system from Symitar, and Morrell, like many others, sees the potential for other software solutions to be needed later, and that would be the source of any additional expenses. He also says that CTC members had the chance to provide input on the rules as they were being formulated and will be helping each other adjust as they come to fruition. Credit union core processors obviously play an important role in compliance and they seem up for it. Credit union data processor Symitar Systems will be providing its credit unions tools to ensure that their staff follows procedures implemented in the credit unions' CIP. Zandy Reinshagen, director of product delivery for San Diego-based Symitar, feels that core vendors can handle most of the heavy lifting for CIP creation and compliance. He said the only additional costs credit unions will have should relate to documentation, archiving and any third-party services utilized for additional identification tools. Over at core processor FedComp, Carolyn Warden, director of education, believes core processors shouldn't be making CUs jump through hoops for the instruction and service needed to comply. "Every full-featured data processor should include this," she says. She notes that the leading OFAC list-checking vendor lists 1,476 credit union clients, and says, "Why should anybody need to pay good money for this? The information is free! That's just sad." Warden also expresses frustration with the time it took federal regulators to come up with rules and with the "government's lack of technology use." But, she says, "The biggest compliance challenge is changing human behavior. Always is. Credit unions have been opening accounts and servicing members expertly for decades. Now they have to change their mind set from `what can our credit union do for you?' to `What might you do to my credit union?' That's unfortunate." Warden, who lost a cousin on 9/11, is strongly committed to helping credit unions "build a path to USA PATRIOT Act compliance" and, to those who she says might not think they'd be a target, she says: "Don't tell me terrorists and drug dealers are not going to use modest or non-community credit unions. One FedComp credit union had a match the first time they used our OFAC feature." Mary Dunn, senior vice president of regulatory advocacy at CUNA, says the rules are manageable. "I think NCUA and Treasury did try to take a look at what already was in place rather than create wholesale new requirements. It could have been far more onerous." "You come to my credit union and open an account and I rely on your driver's license for identification. I just need to note that I did that. You only have to keep a record of what documents you used, not copies of the document themselves." The input, in terms of technical challenges, costs and other factors, needs to continue, she adds, and in response to a request from Treasury Department officials, "we're going to work to quantify the costs to our industry and get a good answer back to them." Dan Loritz, an attorney in Glendale, Calif., whose firm Styskal, Wiese & Melchione is helping CUES create a new policy manual to help its members with compliance, notes the role third-party providers of "interdiction software" are playing in helping credit unions check against OFAC lists and says they also may play a part in CIP compliance. "Because some people may not apply for membership and open an account in a face-to-face transaction, such as when a person applies for a credit union loan at a car dealership, the Final Rule permits credit unions to use agents to perform their CIP procedures. "However, credit unions remain ultimately responsible for CIP compliance. As such, we may see a niche industry develop in the area of auditing third-party compliance," says Loritz. Software solutions are a major tool in the effort to comply with the rules, new and old, said John Zasada, senior manager of regulatory compliance at RSM McGladrey. But they're not the end all and be all. "Banker Systems has a whole host of solutions to help credit unions with their compliance, and there's nothing wrong with that, but you have to make sure to tailor those templates to your actual, individual procedures," he says. "If you rely completely on a turnkey solution, you could find yourself facing problems down the road," he says, adding that he advises clients to form a "team of people who are really thinking this thing out, and to make sure the staff is trained." -

[email protected]