Cost of Compliance Becomes Cost of Doing Business; How Are CUs Dealing?

WASHINGTON - While credit unions and other financial services providers continue to work to lighten their regulatory load, complying with a myriad of regulations has become a cost of doing business, and the burden has grown in recent years.

"The annual privacy notice requirement is a good example of how costs get built into the cost of doing business," CUNA Associate General Counsel for Compliance Kathy Thompson said. The requirement for annual privacy notices for credit unions began under the Gramm-Leach-Bliley Act in 2001.

Hershey Federal Credit Union President and CEO Diana Roberts explained that her credit union is saving money by actually printing its privacy notice annually in its newsletter and the notice is posted on its Web site (www.hersheyfcu.org) as well. The Pennsylvania-based credit union does keep some printed copies internally in addition.

Members can agree to electronic notices, but it would likely take more time and expense to sort them out rather than just sending all paper notices, Thompson observed.

However, the common complaint now is: "I don't think they're doing a whole lot of good," Clinchfield Federal Credit Union (Erwin, Tenn.) President and CEO Sandy Lingerfelt remarked.

Thompson said that is the complaint she is hearing from most credit unions. She added that CUNA is hopeful the requirement will be eliminated in regulatory relief legislation for institutions that do not share member information and where the policy has not changed. "Eliminating annual privacy notices is the one thing where everyone will say, somebody actually provided regulatory relief," Thompson commented.

NAFCU Director of Compliance Anthony Demangone pointed out that the Federal Trade Commission recently developed a draft model privacy notice in an attempt to simplify them and make them more useful to consumers. He suggested that a cost/benefit analysis should be done, "but to be quite honest, we're not hearing many complaints about it." It is part of the cost of doing business, he surmised.

Recent focus on Bank Secrecy Act compliance has raised the expenses and the eyebrows of some in the credit union community. An NCUA spokesperson pointed out that the PATRIOT Act upped the ante on training and tracking, but the underlying reporting remains materially unchanged. "The requirements that a more robust system of training and tracking-with more stringent oversight by the regulators, with resultant penalties and fines-have resulted in additional resources needing to be expended by financial institutions," he said.

While NCUA has not attempted to track credit union expenditures on compliance, NCUA estimated during its 2006 budgetary process that the increased focus on BSA would bump up examination hours by approximately 16,000 for the year.

Roberts, head of Hershey FCU, started out talking about BSA's impact stating, "I can't say that it has really impacted us that much." She explained that the $37 million credit union has begun running all new accounts through Check Systems and performing Office of Foreign Assets Control matching. As she continued, she began realizing Hershey had spent $2,500 for software and $1,500 for training for all 20 employees, and 80-plus hours of staff time a year on BSA compliance. Now the credit union is looking into an independent audit of its BSA compliance, which could carry a price tag as high as $2,500.

Lingerfelt's credit union is located in the small town of Erwin, Tenn. where they know most of their members. "I don't see where it's improved the everyday lives of our consumers," she said.

Clinchfield, with $54 million in assets, "upgraded and updated" when it switched over to a new system, but that was not directly related to BSA, she explained. "The biggest thing we've seen with all this is calling and verifying checks of other institutions," Lingerfelt said. Before, occasionally banks would request verification but now she is seeing more credit unions asking for it as well. One bank even asked them to fax a copy of the check to them, she said.

CUNA's Thompson said she is hearing, particularly from the larger credit unions, that it is a "tremendous expenditure of staff time."

State Employees Federal Credit Union (N.Y.) President Michael Castellana agreed whole-heartedly. "BSA is no longer simply preventing money laundering-the enemy has changed and today it's about preventing terrorist financing," he said. SEFCU has hired two new staffers to help manage the compliance function, spends thousands annually on software licensing agreements, and has customized its core processing system to manage the Currency Transaction Report process with filings up almost 260% between 2003 and 2006. Suspicious Activity Report filings have doubled at the credit union in the past year with 41 of the 47 for structuring to avoid CTRs, seven requiring further investigation by law enforcement and the IRS resulting in two arrests.

The $1.3 billion credit union is working to leverage technology wherever possible, but manual processes still take place, including account risk assessments and wire transfer activity monitoring, Castellana explained. "While technology continues to evolve, it is still challenging to review and analyze the vast amounts of member data to keep up with the demands of law enforcement and government agencies," he commented.

Castellana said that while the FFIEC Manual has helped, SEFCU would like to see better definitions and clearer guidance of what is considered a documented incident and clarification and consistency between the regulators as to what they are looking for when they conduct examinations.

And with BSA, according to Demangone, there is "no one size fits all for compliance.That being said, there is no small credit union exemption. So if a small credit union wanted to offer a real complex product line, they would have to follow the same rules as Bank of America, theoretically."

Lingerfelt stated, "I wish the people passing the laws would get out in the real world." They need to put themselves in the place of the credit union member. "I think [compliance cost/burden] is why you're seeing a lot of smaller credit unions go away." -scooke@cutimes.com