July 16, 2008

Lessons from the Financial Turmoil of 2007 and 2008

The Reserve Bank has published papers from a recent conference:

Posted 16th July 2008 by David Jacobson in Risk management

July 15, 2008

Do you really want to know what your members think?

If an organisation wants to improve customer service, it has to think and act from its customers’ viewpoint.

Many Australian financial service organisations pay third parties to survey their customers.

Some use mystery shoppers to check on customer service by staff and compliance with procedures.

Why not ask your customers directly what they think?

Some (eg Savings & Loans, Rabo Plus) have blogs by their executives which invite comment. Opening yourself to direct customer feedback is "brave"; witness the comments when Savings & Loans announced a fee review.

America First Credit Union have gone a step further and are inviting customers to review individual products and are allowing those reviews to be read publicly.

Opening communication channels with your members is important for mutuals. A relationship works two ways, so only ask their opinion if you intend to do something about it.

Posted 15th July 2008 by David Jacobson in Credit unions

July 14, 2008

What is involved in legally “clearing” an ad?

You have developed a new product or are launching a new campaign. So what’s involved in “clearing” an ad?

You need to check the content carefully: something that seems funny may be offensive or discriminatory.

Check that you haven’t infringed someone else’s copyright or trademark (eg by using a photo or expression belonging to someone else).

Make sure you have registered your own trade marks and domain names.

Avoid comparative advertising unless you are truly comparing "like for like".

Leaving out an important condition may be misleading. If there are conditions, highlight them. Keep your message simple and clear.

Do you have the resources to do what you offer? If you are offering prizes for a competition, check the conditions carefully. Remember the Pepsico Points case.

Does your pricing model take into account different scenarios?

Have you considered tax issues?

Have you done full “specifications” of the product?

What are the pros and cons? Costs/benefits?

What are your most important objectives?

Can compromises be made?

Is there any ambiguity? Have you conducted usability testing to see that an outsider understands what you are saying?

Are the product terms and advertising goals fully documented?

Have you considered the effect of the ad in different media? How will it look and sound on TV, the radio or internet as opposed to print? Is the ad legible, the voiceover clear?

And of course check for Credit Code and FSR compliance, as applicable.

If you haven’t properly planned your advertising and it does not achieve the intended effect, you may have to withdraw the new product.

Posted 14th July 2008 by David Jacobson in Legal

July 13, 2008

Physical security: a privacy risk

In my reviews of organisations I often find that a lack of physical security is the most likely compliance risk. For example, files left on desks, filing cabinet keys left on top of the cabinet and even passwords left on post-its stuck on PCs represent privacy and AML risks.

A recent US survey (reported in Computerworld) revealed that computer laptops are most often stolen at airports, along with hotels and parked cars.

"Some of the largest and medium-size U.S. airports report close to 637,000 laptops lost each year, according to a Ponemon Institute survey. Laptops are most commonly lost at security checkpoints, according to the survey.

Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65% of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-size airports, and 69% are not reclaimed. The institute conducted field surveys at 106 airports in 46 states and surveyed 864 business travelers….

The U.S. Federal Trade Commission recommends people treat laptops "like cash." Like a wad of money, a laptop in public view, such as in the back seat of a car or at the airport, could attract unwanted attention. The FTC also recommends using tracking devices such as Absolute Software Corp.’s LoJack, which can help track down a stolen laptop by reporting its location once it is connected to the Internet."

Posted 13th July 2008 by David Jacobson in Risk management

July 9, 2008

AML/CTF compliance tips

Although UK credit unions are different from their Australian counterparts, the UK Financial Services Authority has published a report on its review of AML/CTF compliance by 32 UK credit unions, which is of interest.

Some key points:

  • staff were not clear about who was responsible for what AML issues;
  • staff often relied on trust and personal knowledge rather than formal policies and procedures;
  • in some cases the credit unions used formal money laundering reporting forms to update the MLRO; others used informal notes;
  • some credit unions still rely on personal knowledge of new members and do not make adequate identity checks. Checks on junior savers were inadequate in a number of cases. Some credit unions did not perform any checks at all on juniors;
  • training in all aspects of anti money laundering controls and financial crime prevention was weak;
  • data security varied: "For example, paper files should be locked in secured cabinets with the keys locked in a safe or other secure place; we did see instances where keys were simply left on top of the cabinet… We saw examples during visits where passwords were shared… Some credit unions visited did not know what levels of access had been agreed for third parties needing to interrogate customer records, be it paper or IT based. … In some instances credit unions had not considered the secure disposal of electronic data and the need to review systems regularly to dispose of records that are no longer relevant."

The FSA also has examples of good and poor AML practice.

Posted 9th July 2008 by David Jacobson in Legal

July 8, 2008

Differentiating credit unions and mutuals from banks

Comparative advertising is always risky. Every service organisation is looking for a point of difference from its competitors and this especially applies in financial services (eg the Commonwealth Bank "determined to be different" ads).

So this parody of the famous Mac/PC ads using credit unions in the Mac role and banks as PCs is pretty brave. What do you think? (via bankerspank).

Posted 8th July 2008 by David Jacobson in Credit unions

Risk management tools

The US National Credit Union Administration is the federal agency that supervises US credit unions. It has published its Examiner’s Guide, which sets out guidance for its examiners and provides many useful tools.

Chapter 2 (pdf) contains tables with indicators for assessing:

  • Credit risk
  • Interest Rate risk
  • Liquidity risk
  • Transaction risk
  • Strategic risk
  • Reputation risk and
  • Compliance risk.

These are worth discussing at board level and building them into your risk assessment model.

Posted 8th July 2008 by David Jacobson in Credit unions, Risk management

July 7, 2008

First Home Saver Accounts: too complex and no fun?

Rules for First Home Saver Accounts are still being developed, but it is worthwhile looking at some research done in the USA about encouraging savings in difficult times by low- and moderate-income families.

In "Using Financial Innovation to Support Savers: From Coercion to Excitement," [PDF] Harvard Business School professor Peter Tufano attempts to explore the various reasons why people don’t save and reviews a wide variety of programs that support savings by families.

These programs range from ones that literally compel families to save, to those that make it hard not to save, make it easier to save, provide financial incentives to induce savings, leverage social networks to support savers, and finally, to programs that excite people about saving. He describes examples of each program and provides some information on their economics and effectiveness.

In order to support people who want to save (not to force someone to save who doesn’t want to) he concludes that the most interesting ideas try to make savings a fun or satisfying experience.

Interview with Tufano

Posted 7th July 2008 by David Jacobson in Mutuals

July 4, 2008

Requirements for making a declaration under APS 310

Under APS 310 (pdf), within 4 months of its annual balance date, a mutual ("non-disclosing") ADI should provide APRA with a risk management “declaration” from the chief executive, endorsed by the board.

The “declaration” should attest that, for the past financial year:
(a) the board and management have identified the key risks facing the ADI;
(b) the board and management have established systems to monitor and manage those risks including, where appropriate, by setting and requiring adherence to a series of prudent limits, and by adequate and timely reporting processes;
(c) these risk management systems are operating effectively and are adequate having regard to the risks they are designed to control; and
(d) the risk management systems descriptions provided to APRA are accurate and current.

But what is the basis for the CEO making such a declaration or for the board’s endorsement?

Unless the ADI has a risk management system and a compliance framework in place which are reviewed and tested each year, the CEO cannot say that they are operating effectively. What independent reviews and tests do you have in place?

And if the review report contains qualifications then the declaration should contain the same qualifications (similar to those given by auditors in FS71).

Posted 4th July 2008 by David Jacobson in Credit unions, Legal

Dealing with regulators

Your compliance framework needs to have a designated officer as the primary contact for dealing with your regulators.

You may have other staff who deal with regulators on a day-to-day basis, but your CEO and other senior managers should have an ongoing relationship and dialogue with key regulators on current matters affecting your organisation.

Who are the key regulators for financial service mutuals?

  • prudential supervision: APRA
  • AFS licensing and consumer protection: ASIC
  • competition and fair trading: ACCC and State Fair Trading Offices
  • AML and sanctions: AUSTRAC
  • Privacy and credit reporting: Privacy Commissioner

Depending on your size and areas of business you’ll also deal with the RBA (payment system, including purchased payments such as smart card etc), the ATO and other regulators (such as PHIAC for health funds).

Posted 4th July 2008 by David Jacobson in Legal