How Innovative Plan Design Can Contribute to a Credit Union’s Success

Taking a holistic approach to designing any member’s retirement plan is a goal well worth trying to attain. This is especially true when it comes to credit unions, where many of the same factors facing banks today – ever-proliferating technology, competition, and consumer demands – are being felt just as strongly.

Developing an effective and flexible retirement program involves creating a plan that not only assists employees in meeting their retirement goals but that also addresses a credit union’s business needs. Designing the right retirement program requires a keen understanding of an organization’s management philosophy; compensation strategy; competitive considerations and analysis; demographic considerations; the maturity of the institution; and – of critical importance in today’s shifting landscape – the different types of retirement plans available.

We have identified two basic approaches to developing a business’s employee benefits program. First is the objective approach, wherein one takes into consideration what kind of balancing of benefits is needed for employees; after all, a 50-year-old employee’s needs are vastly different than a 25-year-old’s.

With the second – the competitive approach – benefits and compensation packages are offered in order to attract and retain employees; benefit adequacy involves an analysis of wages and the level of benefits offered by one’s peers. Again, the state of play in the credit union space in Washington, D.C. will be vastly different than that in Boise, Idaho, or Peoria, Illinois. An ideal plan will include both the objective and the competitive approaches.

What we call the “cross-tested plan” seems to be one of the most effective tools in plan design today. Such plans are being used more frequently as a way to reward longer tenured employees; reward and incent by job category; restore benefits lost due to a defined benefit (DB)/pension plan freeze or cutback; and/or provide additional benefits in lieu of a supplemental executive retirement plan (SERP) or non-qualified plan.

While DB pension plans tend to favor older employees, a cross-tested plan is a type of 401(k) or profit sharing plan that can be designed to allow a credit union to allocate contributions to specific groups of employees, who can be sorted by a number of categories including age, tenure, job category, management vs. non-management.

Furthermore, cross-tested plans focus on benefits at retirement rather than on regular contributions, enabling employers to provide higher contribution amounts (expressed as either a percentage of compensation or a dollar amount) to older employees, employees with more years of service, and/or employees who are performing the most important functions for the business. Because younger employees have a longer time horizon in which to grow their assets, cross-tested plans effectively permit employers to contribute more for their older employees.

In a cross-tested plan, each subset of employees receives a different level of contributions, and must be defined in the plan document. The actual contribution percentages can be decided at the end of each plan year and can change from year to year. What’s more, a company that already has a traditional 401(k) can overlay a cross-tested plan or establish a separate profit-sharing plan.

Keep in mind that every cross-tested plan has its own individually designed formula, allowing a given organization the ability to control its own destiny in terms of total contributions made on a year-by-year basis.

With an age-weighted plan, employer contributions are allocated among eligible employees based on both age and salary. Again, since a participant’s time horizon to retirement is factored into the allocation, older, more highly compensated employees tend to receive a larger share of the overall contributions:

Rich Rausser

There are, of course, other factors to think about when considering a cross-tested plan. But these are the broad strokes; I encourage you to investigate further on your own, or contact a reputable retirement planning provider to learn more.

Pentegra Retirement Services is the NAFCU Services Preferred Partner for Qualified Retirement Plans for Credit Union Employees. More educational resources can be found at

How To Build A Third Party Cyber Risk Management Program

By: Jake Olcott, VP of Business Development at BitSight

Modern integrated business processes have dramatically expanded the attack surface of organizations in all industries. Institutions can no longer ignore the risk presented by vendors or other business partners, especially with regulatory bodies pushing for formal risk management of vendors and third parties. Assessing cyber risk adds to this challenge. It is one thing to make sure your organization is ready to deal with evolving threats- it is even more difficult to ensure your third parties are also prepared.

So, how can credit unions start evaluating the cyber risk associated with their vendors? More importantly, how can credit unions make this process efficient and cost-effective?

Using the right tools and techniques, those in charge of security and risk can drastically reduce third party cyber risk even if it’s not their primary responsibility. Below are four tips on how to save time and money in this process:

  1. Tier Your Third Parties

Some of your third parties have access to sensitive data that could compromise your employees and customer base. However, it’s likely that many others only have access to nonsensitive data. Identify your most important third parties and spend the most time assessing their security programs. Most organizations use a three or four-tier system.

  1. Adjust Your Contracts

Making sure that the contracts you’ve signed with your third party vendors reflects the level of security you expect is a critical step to managing and reducing 3rd party cyber risk.

  1. Use a Mix of Information to Assess Vendors

There are many ways organizations currently evaluate third party cyber risk. These typically include: standard security assessments and questionnaires, vulnerability scans, penetration tests, on-site visits, and data obtained through continuous monitoring. Taken together, these methods provide a good snapshot of an organization’s security posture.

  1. Continuously Monitor Your Critical Vendors

Just as your organization seeks to continuously monitor its own environment for security risks, it is critical to continuously monitor your critical third party vendors. Cyber is a dynamic environment, and security postures can change overnight. Monitoring your vendors and setting up alerts when security incidents arise is a more efficient way to assess and reduce security risk.

Join Jake for his webinar, “How To Build A Third Party Cyber Risk Management Program,” on August 24 from 2-3pm ET where he will offer tips, techniques, and tools you can leverage to make it an efficient and cost-effective process for your credit union. Click here to register today.

BitSight Technologies is the NAFCU Services Preferred Partner for Cybersecurity Ratings for Vendor Risk Management and Benchmarking. More educational resources and partner contact information are available at

CFPB Shares Proposed TRID Amendments

By: Andy Dunn, Senior Attorney, Wolters Kluwer 

Recently the Consumer Financial Protection Bureau (CFPB) released its notice of proposed rulemaking for the Know Before You Owe rule, commonly referred to as TILA-RESPA Integrated Disclosures (TRID). In their press release, the CFPB emphasized four changes: 1) Tolerances for the total of payments; 2) Housing assistance lending; 3) Cooperatives; and 4) Privacy and sharing of information, along with minor corrections across several topic areas.

It’s great to have the CFPB working to formalize the nonbinding verbal guidance it has provided to industry stakeholders, including Wolters Kluwer. The proposed rule helps eliminate the risk, especially in a presidential election year, that nonbinding verbal guidance could lead to future compliance violations following a change in bureau leadership. Once the proposed rule changes are finalized and published, all industry participants will be working from the same playbook.

In working closely with our customers to help them comply with the Know Before You Owe rule, especially around areas where nonbinding verbal guidance from the CFPB was required, we’ve found the most recurring trouble spots came from financial calculations. From the CFPB’s proposed changes it appears many of these areas, including calculating cash to close table; principal reduction/curtailment; summary of transactions table; and escrow account disclosures will be addressed. This is great news for our customers and partners, as many of these calculations are complicated to produce under the current rule.

Wolters Kluwer kicked off its 2016 User Summits and workshops with their ComplianceOne mortgage customers in Bloomington, Minnesota on August 9. The events are being held in 18 U.S. cities, ending in San Antonio, Texas on December 8, 2016. The Summits will provide a great opportunity for ComplianceOne mortgage customers to discuss the proposed rule changes with peers and to share their feedback if they think additional guidance is needed beyond what has been proposed.

Wolters Kluwer is looking forward to responding to the CFPB’s proposal and sharing their customers’ feedback with the bureau. The comment period closes October 18, 2016.

Wolters Kluwer is the NAFCU Services Preferred Partner for Consumer and Member Business Lending & Deposit Services. Learn more at

The HSA: An Uncovered Opportunity for Millennials (and Others Struggling to Pay Healthcare Costs)

By: James Thompson, Product Manager for Ascensus

As a millennial, I can give you a long list of reasons why I don’t think I have enough money to set aside for life’s biggest moments, especially when it comes to healthcare. In fact, most millennials will tell you that they can’t afford to save while acknowledging that they can’t afford not to save. Millennials seem to understand better than the generation before them how important it is to set aside money. It’s just that they don’t think they are capable of saving enough.

So how can millennials—or anyone struggling to save—save enough to combat healthcare costs? Well, if they are eligible, by taking advantage of the triple tax benefits of owning a health savings account (HSA): tax deduction, tax-deferred earnings, and tax-free distributions (if eligible). These tax benefits allow HSA owners to transform their previously taxable money into completely tax-free money. This is a perfectly legal way to avoid taxation on once taxable money—all the way around.

These tax benefits exist because the money in an HSA is intended to pay for medical expenses incurred by the HSA owner or the HSA owner’s dependents. But it’s not a matter of using the HSA in case you incur medical expenses; it’s a matter of using the HSA when you incur medical expenses. That’s where the tax advantages really come into play.

Consider the millennial HSA owner who becomes injured playing Frisbee golf or (insert other millennial-friendly activity here) and has to be seen by a doctor or is hospitalized. That innocent recreational activity resulting in a trip to the doctor may cost the individual hundreds, if not thousands, of dollars.

The beauty of the HSA is that before paying any medical bills ‘out-of-pocket’, the HSA owner can put that payment amount in his HSA (being careful not to exceed the annual contribution limit) and receive a tax deduction for the contribution. The tax deduction is like receiving a discount on his medical bills. For instance, someone in the 25 percent tax bracket essentially is receiving a 25 percent discount on his medical bills by contributing to, or running his money through, the HSA first.

Keep in mind that an HSA owner doesn’t have to put in the total amount of all her medical bills. Many people don’t realize that, if eligible, they can contribute as little or as much as they want to an HSA (up to the statutory limit) as they are able to or on an as-needed basis. There is no federal minimum balance requirement to maintain an HSA so making several small contributions over time may be a viable option for those who feel they cannot set aside much money at one time. For example, an individual who qualifies for the full HSA family contribution amount ($6,750 for 2016) whose medical bills total $6,000 may choose to contribute a more affordable amount, such as $200, in several deposits over time, adding up to $6,000, rather than contribute $6,000 to her HSA in one deposit. In the meantime, the longer these contributions remain in the account, the greater the potential for tax-deferred earnings.

Whenever the HSA owner is ready, he can withdraw from the HSA the amounts contributed to either reimburse himself or pay the healthcare provider directly for medical expenses. And as long as the distributed amount equals his qualified medical expenses, he will not have to pay taxes on the HSA distribution.

Millennial or not, with all of the tax advantages HSAs offer, those who are eligible to make contributions will likely find it worthwhile to build up a healthy HSA balance, as medical expenses often are inevitable, even for young, healthy individuals.

As for those HSA-eligible individuals who believe that they can’t afford an HSA, it is still worth opening one with a minimal balance and adding to it as qualified medical expenses occur. These individuals might as well take advantage of the tax breaks of the HSA (taking into consideration the contribution limit and any previously contributed amounts for the year) before handing it over to the healthcare provider. After all, paying the expense out-of-pocket when eligible for an HSA contribution is like throwing money away.

Ascensus LogoAscensus is the NAFCU Services Preferred Partner for IRA, Retirement Plan, and Health Savings Account (HSA) Solutions Software, Training, Documents and Consulting. More educational resources can be found at

Four Emerging Risks Challenging Credit Unions Today

By: Roger Nettie, Senior Risk Management Consultant, CUNA Mutual Group

As the risk landscape continues to shift and evolve, cmg risk blogcredit unions face two challenges: Staying current with risk trends and integrating risk management into their day-to-day plans and operations.

New risks can present themselves at any moment. So credit unions have to deal with familiar threats while recognizing new ones.

At the upcoming NAFCU Risk Management Seminar in Denver, I will speak about four emerging risks and provide action steps credit unions can take to mitigate and minimize exposure. These include:

  1. Wire transfers and ACH. Wire transfer fraud has been an ongoing problem with HELOC accounts, and fraudsters are evolving their attacks through email impersonations and by targeting real estate closings. ACH origination fraud has also become a new issue, as members and fraudsters are finding ways to take advantage of account-to-account transfer capabilities. Electronic payment systems are a favored target since large quantities of money are moved quickly, increasing the difficulty of retrieving it.
  2. Overdraft fees. Overdraft fees have generated class-action litigation, with members seeking monetary damages, restitution, punitive damages and injunction relief. Plaintiff attorneys are arguing that the calculation of overdraft fees isn’t adequately disclosed.
  3. Collection letters. Post-repossession collection letters have caused the most class-action claims against credit unions in recent years. Attorneys have successfully challenged the fact that many of the letters fail to meet the requirements of state laws that call for disclosures of the terms of sale of repossessed collateral. Damages and/or penalties for failing to adhere to these requirements are generally not insurable.
  4. ATMs and the Americans with Disabilities Act (ADA) compliance. This is a hot-button issue as of late, and it has generated lawsuits. ATMs must be accessible to everyone. Some requirements include: detectable warnings (truncated domes) in place on ramps leading to and from ATMs, volume control, tactile symbols for function keys, privacy options, and Braille instructions. Credit unions have been found in violation of ADA laws for failure to comply with these requirements.

Interested in learning mitigation tips for these emerging risks? Join my session, titled “The Unique Footprint of Emerging Risks,” at NAFCU’s Risk Management Seminar on Wednesday, August 10, from 9 – 10 a.m. MT to hear more.

Roger Nettie is a senior risk management consultant for CUNA Mutual Group. Contact him at

CUNA Mutual Group is the NAFCU Services Preferred Partner for Mortgage Payment Protection. For more information please visit

This article is for informational purposes only and should not be construed as legal advice. Credit Unions should contact their own legal counsel for advice with respect to any particular issue or problem.