Washington State Department of Financial Institutions

DIVISION OF CREDIT UNIONS

BULLETINS 2003

 

DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

January 8, 2003
No. B-03-01

List of Division Opinions Issued in 2002

During the year the Division issues written opinions in response to questions about how a statute or rule should be applied to a particular factual situation.  In order to make these opinions available generally to credit unions, we publish a list of new opinions each year.  The Division will provide “redacted” copies of the opinions upon request.  Included is a list of opinions issued in 2002.  Opinions are also available on our web site at www.dfi.wa.gov/cu

Please be aware that the opinions are limited to their facts; we may reach a different conclusion if presented with different facts or conditions.

Please call or fax your request to Diane Moye (at the Division office at the numbers above) if you would like a copy of an opinion from the enclosed list.

DCU - 2002 Opinions List

Number

Subject

Date

O-02-1

State Credit Unions May Close for Four Consecutive Days After Appropriate Mitigation of Risks

 

January 17, 2002

O-02-2

A Director May Not Hold More Than One Board Officer Position, Except For Board Treasurer And Secretary

 

April 8, 2002

O-02-3

Credit Unions Arrangements Possess Authority To Enter Into Arrangements with Third Parties To Sell Investment and Insurance Products To Members, Subject To Compliance With Applicable Regulatory Pronouncements
 

April 8, 2002

 

O-02-4

New Field of Membership (FOM) Rules Effective March 8, 2002

April 30, 2002

O-02-5

Whether Washington State Chartered Credit Unions Can Sell and Finance Debt Cancellation Contracts

June 4, 2002


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

January 13, 2003  
No. B-03-02

New Director of Credit Unions Division

Linda Jekel has been appointed Director of the Division of Credit Unions, effective December 2, 2002. The Seattle native has been the Division’s Program Manager since 1995 and was in charge of managing the examination and supervision program.  She is a leader at the National Association of State Credit Union Supervisors (NASCUS), recently speaking on the innovator panel at the September 2002 NASCUS conference.  Prior to working for Washington State, Linda was a vice president at Heritage Federal Savings and Loan Association, now called Heritage Savings Bank.  From her background as a thrift manager, she understands what it is like to sit across the desk from a regulator examining financial services.  Linda earned both her undergraduate and graduate Business Administration degrees from Pacific Lutheran University and achieved a graduate banking certificate from Pacific Coast Banking School in 1997. 

Helen Howell, the Director of Department of Financial Institutions, described the selection process as “grueling.” The top candidates were interviewed by an internal agency panel, a stakeholder panel, and finally by the Director.

Mike Delimont to Serve as Acting Program Manager
Mike Delimont has been named Acting Program Manager of the Division, effective December 2, 2002.  Formerly with the Division of Banks, Mike has been with the Division since 1996. In 1999, he became the Examiner Supervisor for the Division and successfully implemented many of the award-winning quality projects in place at the Division.  In addition, Mike has over 8 years experience in banking and securities working as the financial officer at an Alaska commercial bank.  A graduate of Kansas State University, he earned a graduate banking certificate from Pacific Coast Banking School.  Mike will serve for about six months in an acting capacity while DCU completes an executive recruitment to fill the position permanently.  Mike is also eligible to compete for the permanent Program Manager position.

New phone and fax numbers
Both Linda Jekel and Mike Delimont have new numbers.

Linda Jekel, Director of Credit Unions
Phone (360) 902-8778
Fax  (360) 704-6978
Mike Delimont, Acting Program Manager
Phone  (360) 902-8753
Fax  (360) 704-6953

 


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

February 21, 2003  
No. B-03-03

Department of Financial Institutions is Moving

The Department of Financial Institutions, Division of Credit Unions (DCU) is moving to Tumwater.  The agency move is tentatively scheduled the week beginning March 10, 2003.  We anticipate being fully operational in our new offices by Monday, March 17th.  The DCU office staff will be working from an alternate site during the week of the move.  You can contact us by sending an e-mail or leaving a voice mail, which we will check and return throughout the work day.  Examiners will continue to conduct examinations as scheduled.  We do not expect examiners work to be affected by the move.

While our street address is changing, our phone numbers, fax numbers, e-mail addresses and post office box will remain the same. 

Department of Financial Institutions

Division of Credit Unions
P.O. Box 41200
Olympia, WA 98504-1200
Office phone: 360-902-8701
Office fax: 360-704-6901
E-mail: dcu@dfi.wa.gov

New street address:
(Effective March 10, 2003)
150 Israel Road
Tumwater, WA 98501


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

April 2, 2003
No. B-03-04

Deposit Brokers and Finders

Deposit brokers and deposit finders continue to present a challenge to the safe operation of a number of credit unions.  If followed, the advice in this bulletin could serve to reduce or eliminate many of the concerns identified by regulators. 

Further suggestions may be found in NCUA Letter to Credit Unions 00-CU-05 found on the NCUA web site.

Credit unions should deal only through brokers with sterling reputations.  To help evaluate an individual broker or firm, a credit union should perform a background check on both the broker and the firm.  At a minimum you should analyze and annually update the following factors:

  1. The background of any sales representative with whom you are doing business.
  2. Information available from state or federal securities regulators and securities industry self-regulatory organizations, such as the National Association of Securities Dealers and the North American Securities Administrators Association, about any enforcement actions against the broker-dealer, its affiliates, or associated personnel.  This could begin at http://www.finra.org where a wide variety of information is available.  If your potential broker is listed with any issues of concern, you should strongly consider finding another broker.
  3. If the broker-dealer is acting as your counterparty, the ability of the broker-dealer and its subsidiaries or affiliates to fulfill commitments, as evidenced by capital strength, liquidity, and operating results.  You should consider current financial data, annual reports, reports of nationally recognized statistical rating agencies, relevant disclosure documents, and other sources of financial information.

Credit unions should evaluate potential investments using bond equivalent yield.  It is a common tactic by unscrupulous brokers or deposit finders to manipulate components of an investment and provide a misleading number for the yield of the investment.  Bond equivalent yield (BEY) is the industry convention and will allow a credit union to compare investments from various sources in a reasonable manner.  A knowledgeable credit union investment officer will require investment quotes in BEY and test the accuracy of the yield quote with a hand-held business calculator or through the use of a web based financial calculator such as www.tipsinc.com .  If your broker is unwilling or unable to provide accurate and reliable information you should consider finding another broker.

Credit unions should use an independent safekeeping agent.  Your safekeeping agent or custodian is intended as a protection for the credit union against a wide variety of unsafe practices.  When a credit union allows securities or CDs to be safe-kept by a party related to your broker, those safeguards are negated.  Unfortunately there have been a number of instances when the close relationship between the broker and the safekeeping agent was not disclosed to the credit union.  The obvious solution would be to have your corporate credit union or another party well known to the credit union act as the safekeeping agent. 

Credit unions should carefully review broker and custodial agreements.  Many times a careful review of the agreements with brokers and safekeeping agents will disclose relationships that are not in the best interest of the credit union (see above).  Pay particular attention to names and addresses of parties as well as the terms for payments.  In event of default, the records of the custodian will serve to determine ownership of certificates and any FDIC pay out. 

Credit unions should never rely on oral promises or securities descriptions from brokers.  It should be clear that a broker has an interest in completing the transaction and getting paid.  Regulators have seen numerous instances in which brokers have stated certain terms, conditions or promises only to have the credit union later discover inaccuracies or there are significant costs associated with exercising its “rights” under those promises.  An example includes a broker “guaranteeing” that the credit union can sell back its fractional portion of a certificate prior to the actual maturity of the underlying certificate, leading the credit union to think they would get their original $100,000 investment back.  However, the contract stated that sales will be handled on “a best efforts basis,” meaning the price may be at market or at any price set by the broker.  The market risk is transferred to the credit union.  No purchase should be undertaken before receiving a written confirmation of the exact terms described by the broker. 

Credit unions should complete a basic review of financial institutions before purchasing a certificates of deposit.  The web sites National Credit Union Administration and FDIC: Federal Deposit Insurance Corporation can provide a potential depositor with a wealth of useful information about insured institutions before a credit union invests.  A credit union should perform and document a basic review of potential investments to ensure that they are suitable investments.

Credit unions should understand when they are working with a deposit broker and when they are working with a deposit finder.  A deposit finder is an information provider and may not be registered with the SEC or a member of FINRA.  The finder does not handle funds.  Instead, the credit union usually contacts the issuer directly and makes arrangements to purchase the certificate either directly or through a custodian.  On the other hand, a deposit broker handles the funds and may show as the owner of the certificate on the books of the issuer.  The SEC licenses brokers and reputable brokers are members of FINRA.  Be alert to deposit finders who require specific custodians.  Some custodians have been found to be subsidiaries of firms advertising themselves as “finders” when in fact their subsidiary is handling the funding.  

~~~~~~~~~

Should you have further questions, please contact Jane Johnson at (360) 902-0508.                         TOP OF PAGE


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

April 10, 2003  
No. B-03-05

Directors are the Key

The recent failure of several large, for-profit corporations has focused a great deal of attention on the responsibilities of the board of directors.  This has created an opportunity for credit union boards to benefit from improved training resources. 

The board of directors plays a critical role in the successful operation and the health of the credit union.  They are also accountable to the members, regulators, and the communities served by the credit union.  The directors have overall responsibility for the credit union’s direction, profitability, safety and soundness, and compliance with laws and regulations.  To meet these responsibilities, they must establish policies, retain top executives, and evaluate the performance of each element of the credit union.

As they work to achieve their basic mandate, credit union boards must fulfill three key requirements: be informed, fully participate in board actions, and avoid conflicts of interests.  An effective board contributes by setting tone and direction.  It oversees and supports management efforts, testing and probing management’s recommendations before approving them.  It evaluates the financial, competitive, and other environmental factors that may require adjustments to the credit union’s direction.  It works with the supervisory committee to ensure that adequate internal control systems are in place to identify and address problems before they become major concerns.

The Division of Credit Unions has assembled the attached brochure to identify some resources available for directors of credit unions.  The inclusion or exclusion of any program or resource from this brochure should not be interpreted as an endorsement or a lack of endorsement by this agency.  We make no claims or promises about the accuracy, completeness or reliability of the content of any program or resource listed in this brochure.   Further, as legal advice must be tailored to the specific situation, and laws are constantly changing, directors should not rely on information provided in any of these resources as a substitute for the advice of competent legal counsel.  We encourage directors to evaluate themselves and the resources available and look at their terms on the boards as an opportunity to enhance their skills.

Questions should be directed to Jane Johnson at (360) 902-0508.

  Attachment: Survey of Director and Volunteer Training Courseware & Resources  (Adobe PDF format)


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

June 17, 2003  
No. B-03-06

Virus Vulnerability Alert

Recent versions of a computer virus, BugBear.B, pose a higher than usual risk to financial institutions.  Information technology managers at each credit union are urged to review the information in the attached NCUA Information Technology Security Alert carefully.  Your credit union needs to be aware of the potential threats and determine how to appropriately respond. 

If you need further information please call Doug Lacy-Roberts at 360 902-0507.
 


NCUA INFORMATION TECHNOLOGY
SECURITY ALERT


NATIONAL CREDIT UNION ADMINISTRATION
1775 DUKE STREET, ALEXANDRIA, VA  22314

 

DATE:    June 11, 2003

TO:        All Federal and State Credit Unions
                             All Corporate Credit Unions
                             All State Supervisory Regulators
                             All Credit Union Information Technology Vendors

SUBJECT: BugBear.B Worm Vulnerability Alert

PURPOSE

This alert is intended to raise awareness of an Internet worm, BugBear.B, that recently surfaced as a potential threat specifically targeted to financial institutions and to prompt credit unions and credit union technology service providers to take immediate steps to mitigate the threat to their organizations and customers.

BACKGROUND

Computer-based worms, viruses and Trojan horses are an increasing threat to Internet-connected systems.  BugBear.B is a highly capable worm that specifically targets financial institutions.  Credit unions with the capability to access the Internet may be vulnerable to BugBear.B and should institute appropriate measures to mitigate the risks posed to their servers, desktops, notebooks, and other computing devices.

Information about BugBear.B is available from many sources, including CERT/CC, and commercial anti-virus vendors.  Although the available information varies, and may be subject to change, BugBear.B seems to possess the following general characteristics:

The disabling of security software is a concern because the victim loses the protection and audit trail provided by this software.  The insertion of spyware, combined with the

e-mail distribution of the resulting information, could provide an attacker with confidential information such as usernames and passwords to credit union systems and accounts.  With such information, the attacker could insert new malicious software or steal confidential information and/or funds.  Additionally, the remote control features appear to be available to anyone who wishes to use them.  Access to these features increases the risk from internal and external attackers.

The disabling of security software, insertion of spyware, and e-mailing of information could occur whether or not a credit union is included in the 1,300 specifically mentioned financial institution Internet addresses in the BugBear.B code.

RESPONSE TO THIS THREAT

 Credit unions should review their capabilities to prevent, detect, and respond to BugBear.B consistent with the guidance provided in Federal Financial Institution Examination Council’s Information Technology Handbook.  The Handbook is available at http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.html.  Specific actions may include:

In the event your institution is a victim of BugBear.B, you should report the incident to law enforcement and file a Suspicious Activity Report, as appropriate, based on the impact of the worm on your institution.

________/s/________

J. Leonard Skiles
Executive Director
National Credit Union Administration


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

June 23, 2003  
No. B-03-07

California Disclosure Law’s Effect on Washington Credit Unions
 Computer Identity Theft Notice

A new California law (effective July 1, 2003) requires companies; including Washington chartered credit unions, to notify their California resident customers of computer security breaches.  The notification of security breaches is not necessary under this law (SB 1386) if a company stores its customer personal information in encrypted form.  The law does not specify what level of encryption is required. 

Most financial institutions, including credit unions, are not storing personal consumer data in encrypted form.  Therefore, if a customer information security breach occurs, notification to California residents would be required. 

This law is intended to combat identity theft and is triggered when a breach exposes certain types of information that is not stored in encrypted form.  Specifically, when a customer’s name is exposed in conjunction with their social security number, drivers license number, credit card or credit union or bank number.  After the intrusion or unwanted exposure of this unencrypted personal information, the company or credit union must notify their customers, who are California residents, in the most expedient manner without delay. 

We suggest that credit unions that serve members in California contact their attorney regarding potential liability under California law SB 1386.

It is incumbent upon each state chartered credit union to maintain the integrity of personal information they keep on their members.  An effective information security system deploys security at multiple layers including the following:

 

Each of these layers of control must be founded on solid security policy and procedures.

 ~~~~~~~~~

 If you need further information, please call Doug Lacy-Roberts at 360 902-0507.


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

July 9, 2003  
No. B-03-08

Counterfeit Checks

Recently, a Washington State credit union had two counterfeit credit union checks presented for payment.  Both checks were written for significant amounts - one for $33,000 and the other for $400,000.

In both instances, it appears the person(s) scanned the credit union’s logo and printed it, along with the credit union’s address and MICR line onto the counterfeit checks.  Both checks were printed on safety check stock, available from many office supplies stores and online retailers.

It is important your credit union follow proper clearing procedures to prevent payment of counterfeit checks of this type.  Be sure that your procedures include matching check numbers/written amounts of clearing items to checks issued prior to authorizing payment.  In both instances, the counterfeit checks presented for payment included valid check numbers that had already been issued and paid.  Another important clue will be checks presented that are outside the range of checks issued.

~~~~~~~~~

 Should you have further questions, please contact Glenn Ross at (360) 902-8813 or Doug Lacy-Roberts at (360) 902-0507.


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

July 21, 2003
No. B-03-09

New IS & T Contractor and IS& T Exam Fee Waiver

New Contractor For IS & T Exams

Effective July 2, 2003, the Division of Credit Unions (Division) began using a new contractor to perform the Information Service & Technology (IS & T) portion of our examination.  Trust Consulting and Compliance (Trust CC) is the new contractor and will be represented by either Tom Schauer or Jack Luu.  Both individuals have significant experience working with financial institutions on information service projects and risk evaluations.  Their experiences will help in identifying best practices or areas of weakness in state chartered credit unions.

Credit union managers told us the IS & T exams have been very informative and we were pleased with DHK and Associates’ work.  The reason we changed to a new contractor is a result of the normal two-year bid process for state contracts.  Trust CC’s contract runs through June 2005.

IS & T Exams For Remainder of 2003

For credit unions with exams through October 2003, we plan to continue the current exam process using the NCUA’s EC-1 (Electronic Commerce)[1], EC-2, and EDPR (Electronic Data Processing Review) forms.  During the next few months, we will be working with the contractor to evaluate a more risk-focused IS & T exam format.   In addition, we are exploring approaches to reduce the IS & T exam impact for smaller credit unions, that have had no changes to their electronic service delivery since the last exam.  We will publish a bulletin when IS & T exam changes are finalized.

IS & T Exam Fee Waiver Continues Through September 2003

The Director will continue to waive the IS & T exam fees on the on-site examinations completed during July 2003 through September 2003.  By October 2003, the Division will finish its analysis of its 2004 budget and cash fund to determine whether the Division can afford to continue waiver of the IS & T exam fees from November 2003 through June 2004.  We plan to provide more information about future IS & T exam fee waivers in October 2003. 

Please contact Doug Lacy-Roberts at (360) 902-0507 if you have questions. 


These forms are available on the NCUA website


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

October 2, 2003  
No. B-03-10

Changes to Merger Manual

The Division of Credit Unions (Division) recently approved changes to the manual used to guide credit unions through the process of a merger with another credit union.  The changes come in three areas. 

First, the new guidance clarifies the content of information provided (generally on form 6305A or other form proving notice of membership meeting) to the members for their consideration in voting on the merger.  As a general rule, a credit union should provide the member with a summary of the merger plan, either as part of the notice or as a separate attachment.  Unless waived by the regulator, the summary of the merger plan should contain all of the following, as applicable:

  1. Current, consolidated financial reports for each credit union;
  2. A combined financial report;
  3. An analysis of share values, and proposed share adjustment, if any;
  4. An explanation of changes relative to insurance of members accounts, if any;
  5. The reason for the merger;
  6. The name and location (including branches) of the continuing credit union, and what branches and offices of the merging credit union are expected to be open after the merger;
  7. An explanation of the organization of the board of directors and committees of the continuing credit union and whether any of the board of directors of the merging credit union will be appointed to the continuing credit union board of directors;
  8. An explanation of any new or expanded products and services that may be made available to the members, and any services or products expected to be discontinued to the merging credit union members as a result of the merger;
  9. An explanation of any contracts or agreements relating to any senior management officials of the merging credit union (by employee class only without identification of individuals);
  10. An explanation of any compensation or benefits (such as incentive plans, retirement plans, or severance benefits) offered to any employees of the merging credit union and state the amounts (by employee class only without identification of individuals);
  11. An itemized estimate of the cost of the merger, and
  12. Such other information, including any special merger terms, if the board of directors of either the merging or continuing credit union determines the information should be included in the membership notice, or if required by applicable regulatory authority.

Second, the guidance clarifies that the membership vote is taken only after the Division and the National Credit Union Administration give regulatory approval for the merger.  The Division wants the continuing credit union to have time to consider the impact of any regulatory conditions contained in the merger approval, before the membership vote is called.  In addition, the Division wants to review the language of the notice of special meeting of the members on the merger proposal and the membership voting ballot before these are sent to the members.

Finally, the Division expects management of a “merging” state chartered credit union will contact the Division at least five business days prior to the Board of Directors’ vote on the merger.  A Division representative may attend the board meeting in which the vote will be held.

Questions about these changes may be directed to Doug Lacy-Roberts at 360-902-0507 or Mike Delimont at 360-902-8753.

 


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

October 6, 2003  
No. B-03-11

Succession Planning

Succession Planning is Critical

The Division of Credit Unions (DCU) observes that a large portion of our credit unions have management approaching retirement age in the near future.  Therefore, boards of directors, with the assistance of current management, need to be prepared to deal effectively with the areas of recruitment, succession planning, and compensation.  DCU expects that succession planning will be part of the credit union’s strategic and disaster recovery plans.

Board Responsibility

The primary responsibility of boards of directors is to hire and retain professional management. 

CUNA's 2003 Environmental Scan indicates almost half of credit union CEOs will retire by 2013, yet only half of these credit unions have a formal succession plan or a senior management employee qualified to take over.  In addition, disasters happen and smaller credit unions are especially vulnerable due to a natural lack of management depth.  Professional recruiters estimate that it can take six months or more to recruit for a CEO or other key management position.  A prudent disaster recovery plan will have, at a minimum; persons identified and trained to act as interim management to ensure the immediate continuity of the credit union

Board Plan on Succession or Recruitment

Consistent with the credit union’s size and complexity, the board of directors should establish a strategic plan that documents management’s course in assuring that the credit union prospers in the next two to three years. Succession planning needs to be integrated into the strategic plan both to ensure its implementation and to obtain or maintain the knowledge, skills, and abilities needed by the manager to serve the future needs of the credit union. 

Directors need to have candid discussions with their key management and determine retirement plans.  If retirement is planned in the near future (two years or less), DCU expects the board and senior management to adopt an action plan and be actively engaged in succession planning and recruitment.   Directors should discuss the progress of accomplishing the succession/recruitment plan as a routine agenda item at board meetings. 

If retirement is anticipated in less than five years but more than two, DCU would expect to see succession planning in broader terms and discussed routinely at board meetings.  Activities might include:

Training on Succession Planning

Expect that examiners will comment if they do not find adequate succession plans as part of the strategic and disaster plans of the credit union.

The Division will be offering training in the near future to help volunteers and management prepare for successful succession planning.

 TOP OF PAGE