
Be sure to check out ATTUS' latest website feature - recorded webinars! Our
popular live sessions are now available on your schedule. Stay current on the hottest
compliance issues. Listen now...

ATTUS' Top 10 Compliance and Risk Topics of 2011
One Final Check-In with Your Compliance Office Before You Close Out the Year
By Lori Moore, CRCM, Director of Compliance

At the beginning of 2011, ATTUS predicted “another 365 days full of shifts
in actual regulations and compliance interpretation.” We also said success
in 2011 would require balance and finesse within your institution’s compliance
office, two qualities that could only come through employing excellent oversight
and by taking advantage of automation and technology. Throughout the year, we have
monitored the compliance and risk landscape to bring you timely insight and guidance
on key events and issues in order to further help you assimilate and integrate balance
and finesse into your compliance office. Before we head into 2012, a year sure to
be filled with its own challenges and uncertainties, here’s one last chance
to review your risk profile and ensure mitigation strategies are in place or, at
the very least, in the planning stages for these Top 10 2011 Compliance and Risk
Issues.


Reg E: Are You in Compliance?

The Electronic Funds Transfer Act, implemented by Regulation E (Reg E), establishes
the basic rights, liabilities and responsibilities of consumers who use electronic
fund transfer (EFT) services and of the financial institutions that offer such.
Without a doubt, it is one of the most complex consumer compliance laws in effect
today. As the rapid shift from paper to electronic payments is expected to continue,
your institution should anticipate and be prepared for the number of claims subject
to Reg E to also increase. In this webinar, we will discuss various aspects of the
law with emphasis on the error resolution procedures set forth under section 205.11.
We will also look at important terms defined under Reg E and some example scenarios
that illustrate common violations you want to avoid.
Speakers: Lori Moore, CRCM, Director of Compliance
1/12/2012 3:00PM to 4:00PM ET

Question: We do not originate IAT transactions, however
we do receive them. What is our SAR filing responsibility for IAT transactions which
are not payroll or pension payments?

Answer: The 2010 BSA/AML Examination Manual issued by the FFIEC provides two
examples of situations involving an IAT where one was originated for payroll and
the other for a pension payment. It does not state that all IATs will typically
only be originated for these two purposes. At this time, I’m not aware of any
guidance that states or implies that an IAT transmitted for any other purpose
should be deemed suspicious. Therefore, a Suspicious Activity Report (SAR) should
not be filed solely on the basis that an IAT – whether it is originated or
received by your institution – was transmitted for a purpose other than payroll
or pension payments. All IATs must be scanned for OFAC compliance and if your
institution feels that the transaction is unusual or suspicious for any reason, a
SAR should be filed as required.

Got a question on a tricky regulation? We want to hear from you. Submit your
question and an expert will answer it in a future issue.

2011's Biggest Breaches: What We've Learned
Humans are Still at the Heart of Great Security Breaches
Hord Tipton, bankinfosecurity.com
In virtually all of the breaches of 2011, there was a human error or failure that
could have been avoided. As IT people, we tend to focus more on the technology surrounding
these compromises, but as I look more closely at each of them, I believe that humans
are still at the heart of great security successes - and, unfortunately, great security
breaches.

With this human factor in mind, let's take a look at some of this year's
biggest compromises. Interestingly, many of the human errors involved in these breaches
were basic mistakes...

Hidden Costs of FFIEC Conformance
Investing in New Authentication Layers Proves Taxing
Tracy Kitten, thefraudblog.com
From banks and credit unions to industry analysts and vendors, I've gathered
a range of perspectives about risk assessments, layered security and authentication.
Lately I've been trying to delve more deeply, to find out exactly what types
of technologies and solutions institutions are exploring, and how they're working
with vendors to ensure they invest in solutions that ensure conformance and security
now and into the future.

The initial finding thus far: Investments in enhanced detection and
authentication are costing institutions more than they expected.

To Grow, Leave What You Know Behind
Start Asking, Focus on People, Get Proficient
John Coleman, HBRBlog.com
As we go through different phases in our personal and professional lives, we're
called upon to adapt, to marshal skills different than those we've used in the
past. And in the modern world - where the pace of technological and social change
is as fast as at any time in human history, those demands on our adaptability are
greater. An exceptional grocery store cashier, for example, will need a different
set of skills to be a store manager as her career evolves. And those in computer
repair have had to learn and unlearn myriad skills over the past 30 years to keep
pace with the changes happening around them.

So what skills do you need to modify or leave behind to grow?