July « 2008 « Credit Union and Mutual Law Blog

July 9, 2008

AML/CTF compliance tips

Although UK credit unions are different from their Australian counterparts, the UK Financial Services Authority has published a report on its review on AML/CTF compliance by 32 UK credit unions which is of interest.

Some key points:

staff were not clear about who was responsible for what AML issues;
staff often relied on trust and personal knowledge rather than formal policies and procedures;
In some cases the credit unions used formal money laundering reporting forms to update the MLRO, others used informal notes;
some credit unions still rely on personal knowledge of new members and do not make adequate identity checks. Checks on junior savers were inadequate in a number of cases. Some credit unions did not perform any checks at all on juniors;
training in all aspects of anti money laundering controls and financial crime
prevention was weak;
data security varied: "For example, paper files should be locked in secured cabinets with the keys locked in a safe or other secure place; we did see instances where keys were simply left on top of the cabinet…We saw examples during visits where passwords were shared..Some credit unions visited did not know what levels of access had been agreed for third parties needing to interrogate customer records, be it paper or IT based. ..In some instances credit unions had not considered the secure disposal of electronic data and the need to review systems regularly to dispose of records that are no longer relevant."

The FSA also has examples of good and poor AML practice.

Print This Post

Posted 9th July 2008 by David Jacobson in Legal

July 8, 2008

Differentiating credit unions and mutuals from banks

Comparative advertising is always risky. Every service organisation is looking for a point of difference from its competitors and this especially applies in financial services (eg the Commonwealth Bank "determined to be different" ads).

So this parody of the famous Mac/PC ads using credit unions in the Mac role and banks as PC’s is pretty brave. What do you think? (via bankerspank).

Print This Post

Posted 8th July 2008 by David Jacobson in Credit unions

Risk management tools

The US National Credit Union Administration is the federal agency that supervises US credit unions. It has published its Examiner’s Guide which sets out guidance for its examiners and provides many useful tools.

Chapter 2 (pdf) contains tables with indicators for assessing:

Credit risk
Interest Rate risk
Liquidity risk
Transaction risk
Strategic risk
Reputation risk and
Compliance risk.

These are worth discussing at board level and building them into your risk assessment model.

Print This Post

Posted 8th July 2008 by David Jacobson in Credit unions, Risk management

July 7, 2008

First Home Saver Accounts: too complex and no fun?

Rules for First Home Saver Accounts are still being developed but it is worthwhile looking at some research done in USA about encouraging savings in difficult times by low- and moderate-income families.

In "Using Financial Innovation to Support Savers: From Coercion to Excitement," [PDF] Harvard Business School professor Peter Tufano attempts to explore the various reasons why people don’t save and reviews a wide variety of programs that support savings by families.

These programs range from ones that literally compel families to save, to those that make it hard not to save, make it easier to save, provide financial incentives to induce savings, leverage social networks to support savers, and finally, to programs that excite people to saving. He describes examples of each program and provide some information on their economics and effectiveness.

In order to support people who want to
save (not to force someone to save who doesn’t want to) he concludes that the most interesting ideas try to make savings a fun or satisfying experience.

Interview with Tufano

Print This Post

Posted 7th July 2008 by David Jacobson in Mutuals

July 4, 2008

Requirements for making a declaration under APS 310

Under APS 310 (pdf), within 4 months of its annual balance date, a mutual ("non-disclosing") ADI should provide APRA with a risk management “declaration” from the chief executive, endorsed by the board.

The “declaration” should attest that, for the past financial year:
(a) the board and management have identified the key risks facing the ADI;
(b) the board and management have established systems to monitor and manage those risks including, where appropriate, by setting and requiring adherence to a series of prudent limits, and by adequate and timely reporting processes;
(c) these risk management systems are operating effectively and are adequate having regard to the risks they are designed to control; and
(d) the risk management systems descriptions provided to APRA are accurate and current.

But what is the basis for the CEO making such a declaration or for the board’s endorsement?

Unless the ADI has a risk management system and a compliance framework in place which are reviewed and tested each year the CEO cannot say that they are operating effectively. What independent reviews and tests do you have in place?

And if the review report contains qualifications then the declaration should contain the same qualifications (similar to those given by auditors in FS71).

Print This Post

Posted 4th July 2008 by David Jacobson in Credit unions, Legal

Dealing with regulators

Your compliance framework needs to have a designated officer as the primary contact for dealing with your regulators.

You may have other staff who deal with regulators on a day to day basis but your CEO and other senior managers should have an ongoing relationship and dialogue with key regulators on current matters affecting your organisation.

Who are the key regulators for financial service mutuals?

prudential supervision: APRA
AFS licensing and consumer protection: ASIC
competition and fair trading: ACCC and State Fair Trading Offices
AML and sanctions: AUSTRAC
Privacy and credit reporting: Privacy Commissioner

Depending on your size and areas of business you’ll also deal with RBA (payment system including purchased payments such as smart card etc) the ATO and other regulators (such as PHIAC for health funds).

Print This Post

Posted 4th July 2008 by David Jacobson in Legal

July 3, 2008

UK credit union law reform

The UK Economic Secretary to the Treasury, Kitty Ussher MP has announced a Legislative Reform package for credit unions that will include:

liberalising membership criteria, and radically changing the
‘common bond’, so that they can provide their services to a wider range
of people;
making it possible for groups, rather than just individuals, to become members; and
allowing Credit Unions to pay interest on members’ deposits, provided certain conditions are met.
allowing them to charge market rates for providing ancillary services to their members;
lowering the minimum age for being an Officer of a Credit Union to 16, to align it with the minimum for Company Directors;
allowing Credit Unions to publish unaudited interim accounts; and
removing the statutory limit on non-qualifying members, but allowing Credit Unions to set their own limits if they wish.

Website review checklist

Most credit unions and building societies have a website. Are you up to date with recent changes in the law?

Have you included the right legal terms
and conditions of use?

Have you included the required disclosures under the Consumer Credit Code (for your credit products) and under the Corporations Act (for your deposit and advice products)?

Are you aware of the changes in the law that will allow you to streamline your customer processes?

Doing business on-line requires compliance with e-business rules as well as the standard laws.

In managing a website, you need legal advice on a range
of issues:

ownership and protection of your domain name, logo and trade mark;
ownership of the design and content of your Website;
contracting with a developer and Internet Service Provider;
rights to use software and ordering and billing processes;
terms of use of your Website;
privacy policy and collection of personal information;
dealing with search engines and linking;
advertising arrangements;
liability issues;
consumer rights;
security issues;
jurisdictional issues;
defamation issues;
disclosure of your business details;
the enforceability of on-line contracts.

Companies put a lot of effort into making sure that their web
site is effective. But in addition to
making the site look and work properly, it’s equally important that you
comply with the wide range of laws imposed on web sites in Australia.

If you are APRA-regulated then in addition to the other applicable
laws your website needs to satisfy the corporate governance standards
and have regard to the ASX Governance Council Corporate Governance Principles and Recommendations.

If you are fundraising online then you need to comply with ASIC’s policies.

And from the end of the September 2008 quarter you need to make website disclosures about capital and credit management issues under APS 330.

Print This Post

Posted 3rd July 2008 by David Jacobson in Legal, Web/Tech

July 2, 2008

Website disclosures about your organisation’s capital management: APS 330

Whilst credit union and mutual websites are generally good at disclosing product information, a review of websites shows that the amount of corporate information disclosed (usually under the "About Us" link) varies.

Information typically ranges from only recent newsletters to copies of annual reports and, less frequently, disclosure of corporate governance policies and director and management information. ADI’s are now required to report on their capital adequacy and credit risk exposures.

APS 330 (pdf) requires locally incorporated Australian -owned ADI’s, including credit unions and building societies, to report by 25 November 2008 on their basic capital information for the quarter ending 30 September 2008 and then within 40 business days after the end of each subsequent quarter. (see Attachment B for reporting details).

The disclosures required in Table 15 of Attachment B must be published (if the ADI is not listed on a stock exchange) on an annual basis as soon as practicable after the lodgement date for the ADI’s annual financial reports as required under the Corporations Act 2001.

The reporting requirements include:

An ADI must publish its Prudential Disclosures on its website, in full in a clearly identifiable location.
An ADI, in making a disclosure, must decide which Prudential Disclosures are material. An ADI is not required to make a Prudential Disclosure if the matter to be disclosed is not material. Information is regarded as material if its omission or misstatement could change or influence the assessment or decision of a user relying on that information for the purpose of making economic decisions.
the ADI will not have to disclose those specific items that are proprietary and/or confidential in nature subject to APRA’s prior written approval . However, it must disclose more general information about the subject matter of the requirement, together with the fact that, and the reason why, the specific items of information have not been disclosed.

To ensure appropriate accountability, an ADI’s Chief Executive Officer must attest to the reliability of the Prudential Disclosures in the ADI’s annual declaration to APRA required under Prudential Standard APS 310 Audit and Related Arrangements for Prudential Reporting.

Print This Post

Posted 2nd July 2008 by David Jacobson in Legal