The Pulse (02-08-13)
Feb. 8, 2013 ● Volume 02, Issue 06
View 02-08-13 issue of The Pulse
Products & Services News
Policies even more important with frequent changes to regulations
With the increasing frequency of changes to the laws and regulations affecting credit unions comes the increased need to amend or create new credit union policies.
Last year the Minnesota Credit Union Network partnered with PolicyAid to provide credit unions a comprehensive, online policy library that helps them develop and maintain internal policies. This resource provides credit unions sample policies they can use to ensure compliance with current rules and regulations.
The PolicyAid documents are updated on a quarterly basis and reflect any new and amended regulations. These policies are available in Word format, allowing credit unions to adapt them to fit their needs. PolicyAid's trained professionals study the regulations and review the footnotes and fine print so that credit unions don't have to spend time reading these complex regulations.
Some of the policies available through PolicyAid include:
- Courtesy Pay/Overdraft Protection Act Policy;
- Truth-in-Savings Act Policy;
- Allowance for Loan and Lease Loss (ALLL) Policy;
- Asset-Liability Management Policy;
- Liquidity Policy;
- Home Mortgage Disclosure Act Policy;
- Real Estate Lending Policy;
- Bank Secrecy Act Policy;
- Disaster Recovery Policy;
- Vendor Management Policy; and
- Social Media Policy.
For additional information please visit the PolicyAid page of the Network website. An annual subscription to PolicyAid is $299 and can be used by all staff. With questions, contact MnCUN Vice President – Network Services Corporation John Ferstl or by phone at (651) 288-5505.
6 steps to prepare for cyber attacks
Cyber attacks against U.S. financial institutions are nothing new. In 2012, cyber criminals claiming to be politically motivated conducted several well-publicized, large-scale attacks on national banks – and two credit unions were victims of the attacks. Defense Secretary Leon Panetta has said that the scale and speed of these attacks was unprecedented.
While these cyber attacks were designed to disrupt online service at financial institutions, CUNA Mutual Group has six steps credit unions can take to prepare for cyber attacks.
- Don't underestimate the threat of cyber attacks.
It's true that most credit unions don't face the same risk as national banks from attacks by high-profile cyber criminal groups. However, the first thing to understand about cyber attacks is that we can't predict the next type of attack to come along. Don't assume that your credit union isn't big enough to be a target.
- Mitigate the risk of service interruptions caused by "distributed denial of services” (DDoS).
You may not be able to prevent DDoS attacks, but you can establish a process to identify them. For example, you can monitor bandwidth usage, use firewall logs to determine what is being attacked, and use an intrusion detection system to identify the type of traffic.
- Perform due diligence on third-party service providers.
Ensure that third parties such as internet service providers and web-hosting vendors address website problems caused by DDoS attacks. Confirm that the providers have a contingency plan for these types of attacks.
- Be prepared to provide timely and accurate information to members.
Have you ever run a drill at your credit union to simulate how you would communicate to members that your website has been disabled or compromised? Have a plan in place to get the word out. The faster you do so, the better you can control the message and counter any rumors or misconceptions about what's going on. Prepare your staff to monitor social media and search engine results to find out what's being said in cyberspace about any interruption to your online services.
- Check transfers initiated via online banking when an attack occurs.
When a DDoS attack occurs, the financial institution's employees may be busy answering calls from customers who cannot access the institution's website, as well as performing other damage control steps. During the chaos, the institution may fail to notice fraudulent transactions initiated through online banking. When a DDoS occurs, be sure to review transactions initiated through online banking to identify suspicious transfers. If necessary, delay executing the transfers until you verify their legitimacy with the members.
- Have a strong multi-factor authentication method in place for online banking systems.
Be sure your authentication process complies with the Federal Financial Institution Examination Council's (FFIEC's) updated authentication guidance issued in 2011. The FFIEC expects all financial institutions to have a fraud monitoring system in place to detect anomalies related to the initial login and authentication of members requesting access to the online banking system, and initiating fund transfers to other parties.
To learn more about CUNA Mutual Group, contact MnCUN Director of Business Development Vickie Ganrude by email or at (651) 288-5515.