Financial Calculators Can Multiply Your Credit Union’s Reach

CULookup Financial Calculator via SmartphoneAlthough Financial Literacy Month officially occurs in April, your members are looking for ways to manage their financial futures throughout the year. Obvious statement? Perhaps, but it’s important to note that regardless of the day or month, your members are continuously looking for practical tools and resources to help plan and set goals to maximize their financial well-being.

Offering financial calculators on your credit union’s website is a huge added value for members and is an easy and quick way to extend your credit union’s reach and create a channel to attract new members.

Deliver Personalized Financial Guidance 24/7

Many people use online financial calculators to estimate mortgage amounts they can obtain, evaluate how long their retirement savings will last, or determine the amount of time it will take to pay off their credit card balance. And, the great news is that your members can access this valuable set of tools any time of day and on any device. Members should think of your credit union as a resource for financial guidance. Offering financial calculators on your website is a great step to take in order to enhance your reputation for helping individuals manage their financial health.

Offer Member and Mobile-Friendly Online Resources

Be sure that your credit union website offers financial calculators that are member-friendly, and more importantly, mobile-friendly.

On April 21st, Google re-programmed their search algorithm to reward websites that are fully optimized for mobile platforms with higher rankings. This change will undoubtedly have a profound effect on search listings, thus confirming that responsive web design is now a best practice for websites.

Give Your Website a Valuable Boost in Visitors

By offering mobile-friendly online financial calculators to your members, your credit union will inevitably see an increase in website traffic.  Don’t forget to track these visitors!  You’ll want to answer questions such as, “What is my most popular calculator?”, “How many unique visitors are my calculators attracting?”, and “What is the total number of calculations occurring?”  Tracking this type of visitor data will lead to greater insights and better reporting.

Ultimately, driving more visitor traffic depends on the call to action issued on your website. The call to action is the component of your marketing message that directs your audience toward the obvious next step you would like them to take.  You may direct your audience through a banner or button click or a request to complete an online form.  A call to action could be the differentiating factor between a website visitor and a converted new member.

CULookup Call-to-Action Home LoanIf you overlook the importance of a strong call to action, you will miss an opportunity to showcase the value of your credit union’s products and services. And, a missed opportunity could be a lost opportunity.

View Financial Calculators as Strategic Tools

By viewing your online financial calculators as strategic tools rather than just a standard element that resides on your website, you can enhance the value that these resources generate for both your members and your credit union.

Take advantage of the financial calculators that were developed specifically for credit unions and their members, by visiting Financial CalCUlators powered by CULookup.com  or contact info@culookup.com for more information.

CULookup.comFinancial CalCUlators powered by CULookup.com offers 30 financial calculators developed specifically for credit unions and their members.  Calculators are mobile-friendly and support custom call-to-action banners to direct users toward a next step after any calculation. Financial CalCUlators are free to NAFCU members and offered to non-NAFCU member credit unions for a nominal fee.

The latest release of Financial CalCUlators powered by CULookup.com will be unveiled on June 23rd at the NAFCU 48th Annual Conference and Solutions Expo in Montréal.  New features of the release include a responsive design to ensure that all calculators are mobile-friendly and custom call-to-action banners that direct calculator users toward the obvious next step after any given calculation.   Financial CalCUlators offer 30 embeddable financial calculators specifically developed for credit unions and their members. For more information on the new release, visit CULookup’s exhibitor booth in the Preferred Partner Pavilion during the conference.

Prepare Your Credit Union for Changes in HMDA Data Collection Rules (Part 2)

Prepare Your Credit Union for HMDA ChangesBy Edward Kramer, Executive Vice President of Regulatory Affairs, Wolters Kluwer Financial Services

In part I of this series, the new data fields that the Consumer Financial Protection Bureau (CFBP) seeks to collect for more HMDA reporting transparency and timeliness and concerns about potential misinterpretation of newly collected data was addressed.

To wrap-up, we will consider the known and unknown factors related to this regulatory change and conclude with a list of key tips you can use to prepare your credit union for these pending changes.

Imminent Compliance and Technology Challenges Are Clear

Although most industry observers expect issuance of the final regulation sometime in 2015, we don’t yet know which specific data fields will be included, nor the amount of time institutions will have to prepare before the requirements go into effect. We also do not know if or how much of any additional data collected will be made public by the regulators.

Protecting the privacy of personally identifiable financial information should be a priority. The inclusion of items such as credit scores, borrower age, and other personal data may raise legitimate privacy concerns, particularly if it becomes possible to identify a specific consumer by combining the new data with other publicly available data.

Despite the unknowns, one thing is certain:  the extent and breadth of the proposed new data collection fields will be considerable.  They will impose significant regulatory compliance and information technology challenges on mortgage lenders.

How Your Credit Union Can Prepare

Whatever requirements are ultimately adopted, lenders will need to evaluate their current data collection capabilities, identify gaps, and make needed investments to be compliant.  What impact will this have for your credit union’s staffing decisions, training, vendor support, and technology infrastructure—and how can you begin to prepare for these changes?

While the specifics have not yet been announced, you needn’t wait before initiating some preparatory action: 

  • Plan now for the increased data capture requirements and remember that data integrity is essential
    The changes coming will be sweeping and broad, impacting your organization in many ways. Minimally, these changes will include all new data fields outlined in the Dodd-Frank legislation—and likely, many if not all of the CFPB’s additional proposed data fields—so make sure your preparation is underway.
  • Identify all lines of business impacted by the HMDA changes
    Determine how you will organize these lines of business so that your efforts are coordinated. Ensure that all individuals responsible for implementation are connected and developing a plan of action so your organization is as ready as it can be once the final rules are announced.
  • Identify and prepare for any needed staff training
    Determine what your enterprise methodology and approach will be to manage the implementation. It’s never too early to start planning when it comes to staff training.
  • Strengthen and bolster your analytics capabilities
    The last thing you want is to submit data to the government that you haven’t already fully analyzed.  Given resource constraints, lenders might be best served in outsourcing their data analytics needs to a capable vendor.  But, whether you manage this function internally or through a third party, know the implications of that data for your organization—and how you plan to go about addressing any problems found in the analysis.  You don’t want others analyzing and interpreting your findings in advance of conducting your own comprehensive review.
  • Conduct a root cause analysis on questionable cases
    If your analyses uncover indicators of potential disparate treatment or impact of protected classes, conduct a root cause analysis to determine the extent of the problem and what is causing it. Then fix it.

Accept the fact that whatever implementation timeline is ultimately defined, the transition time for Tim Burniston EVP Wolters Kluwer Talks HMDAmanaging a regulatory change of this magnitude can never really be sufficient. But with some thoughtful and concerted advance preparation, you will be best positioned to ease some of the challenges in transitioning effectively to the new requirements.

Watch and share this short video of Tim Burniston, Executive VP at Wolters Kluwer, speaking about 4 key ideas to prepare for HMDA changes: New HMDA Fields Coming – Are You Ready?

Wolters Kluwer Financial ServicesWolters Kluwer Financial Services is NAFCU Services Preferred Partner for consumer and member business lending and deposit services. For more information on Wolters Kluwer’s products and services, visit http://www.nafcu.org/wolterskluwer/

Prepare Your Credit Union for Changes in HMDA Data Collection Rules (Part 1)

Mortgage-App-Approval-HMDA-Wolters-KluwerBy Edward Kramer, Executive Vice President of Regulatory Affairs, Wolters Kluwer Financial Services

In 2015, expectations loom large for lenders around finalization of rules for the new Home Mortgage Disclosure Act (HMDA) data collection requirements.

Created as part of the Dodd Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), the regulation authorizes the Consumer Financial Protection Bureau (CFPB) to expand the current HMDA dataset in order to help “financial regulators and public officials keep a watchful eye on emerging trends and problem areas in the mortgage market.”

CFPB Seeks More Data Transparency and Timeliness

The proposed changes include required reporting of 37 new data fields, including 20 not currently required under Dodd-Frank. Those 20 fields represent additional information that the CFPB proposes to collect for analytical purposes, including:

  • Detailed property location information
  • Total points and fees
  • Rate spread for all loans
  • Information on loan features such as teasers and introductory rates, and
  • Applicant’s age and credit score

In addition, the CFPB proposes to collect data such as:

  • Borrower’s debt-to-income ratio
  • Combined loan-to-value ratio
  • Loan’s qualified mortgage status, and
  • Inclusion of manufactured housing in collateral

When the CFPB proposed the expanded HMDA data collection specifications in the summer of 2014, it argued for the need for greater transparency and timely access to regulate lending activity, citing concerns that “under the current regime, HMDA data may be reported as many as 14 months after final action is taken on an application or loan.”

Consequently, for financial institutions reporting at least 75,000 covered loans per year, which accounts for the vast majority of loan application registrations in the annual HMDA files, the new rules would require submission of HMDA data on a quarterly rather than annual basis. The CFPB estimates that this specific reporting provision would impact about 28 financial institutions that combined would report about 50% of all HMDA-reported transactions.

Potential for Data Misinterpretation Causes Concern for Many

The regulatory landscape changed dramatically with the 1975 enactment of HMDA and then again with the passage of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“FIRREA”). The latest proposed regulatory changes may have an equal or greater impact on institutions affected by the proposal. This observation is borne out in the anxiety over the new data reporting requirements evident in the October 2014 Regulatory & Risk Management Indicator report, conducted by Wolters Kluwer Financial Services.

According to the report, U.S. credit unions and banks specifically point to the Dodd-Frank Act and the associated HMDA data collection requirements as among their chief concerns. The new data collected will unleash a flood of additional public scrutiny of mortgage lending. And that development, by extension, will likely generate a new level of criticism of the mortgage industry, including credit unions, from those interpreting the newly available data.

It is clear from its recent enforcement actions and guidance that the CFPB holds accurate HMDA data as central to fair lending compliance and its ability to enforce fair lending laws. Inaccurate HMDA data will only serve to mislead the public and will not be tolerated. That said, the additional data, however accurately reported, will be an insufficient basis on which to ground definitive conclusions about discrimination on a prohibited basis. But, the data will generate more room for error as it gets interpreted – or misinterpreted – by regulators, analysts, and the public.

Tim Burniston EVP Wolters Kluwer Talks HMDAStay tuned for part 2 of this series to get additional insights about HMDA compliance and technology challenges and a list of key tips you can use to help prepare your credit union for these changes. Get a sneak peak of the tips by watching Tim Burniston, Executive VP at Wolters Kluwer highlight the HMDA changes in the short video, New HMDA Fields Coming – Are You Ready?

Wolters Kluwer Financial ServicesWolters Kluwer Financial Services is NAFCU Services Preferred Partner for consumer and member business lending and deposit services. For more information on Wolters Kluwer’s products and services, visit http://www.nafcu.org/wolterskluwer/

Become a Vendor Assessment Jedi Using the NIST Cybersecurity Framework

Written by Randy Lindberg, Founder and Managing Partner with Rivial Security (A Quantivate Partner)

Computer bound with chain and padlockThere are some ordinary steps that you can take to assess vendor due diligence. But, you don’t want to be ordinary…

To be a Vendor Assessment Jedi, use the NIST Cybersecurity Framework, you must!

Vendor due diligence is the process of ensuring that the use of external IT service providers and other vendors does not create unacceptable potential for business disruption or negative impact on business performance.

To accomplish the objective of vendor due diligence, your credit union needs to:

  • Gather company details such as ownership specifics, company size, products offered, and location
  • Understand the company’s financial position, or rather, is this vendor financially stable enough to service your needs for at least 1 to 2 years
  • Know if the vendor will live up to their promises in terms of reputation via BBB ratings, CFPB complaints, and reference checks
  • Know how well the vendor is going to protect your data

Vendors that provide IT Services have additional due diligence requirements, your credit union needs to:

  • Make sure that contract language includes information on the right to audit, data security measures, and data ownership
  • Define specific security considerations and incident response procedures. Additionally, for cloud-based IT service there are additional data security questions that need answers (cloud-based IT service that the NIST 800-145 definition is referred to in FFIEC guidance1)

Ultimately, your credit union, as the entity responsible for assessing vendor due diligence, must understand the vendor’s cybersecurity stance. How do you determine a vendor’s cybersecurity position? You can request an audit of their security controls, which typically comes back in the form of an SSAE 16 report.

SSAE  stands for “Statement on Standards for Attestation Engagements.” The SSAE 16 is delivered in the form of Service Organization Controls (SOC) reports. There are several report types, but the two most common and important are:

  • SOC 1 Type 2, which reports on the design and effectiveness of internal controls over financial reporting; and
  • SOC 2 Type 2, which reports on the design and effectiveness of “trust service principles” such as security, confidentiality, and availability.

In most cases, the SOC 2 Type 2 is the best report for assessing cybersecurity. The SOC 1 report, however, is the most commonly used report. Not all SSAE 16 reports are the same because there is discretion as to which and how many of the five (5) trust services principles are actually examined and reported on during a SOC 2 engagement. You have to dig into some details to understand what is being reported.

For example, if an IT Service Provider has a SOC audit performed on their corporate network, but outsources application development and data center hosting, you’ll essentially be left with a meaningless document.

The ordinary steps used to perform a SSAE 16 review are:

  • Pinpoint findings without adequate management responses
  • Provide complementary user entity controls to system owner and/or IT

But, you want to be extraordinary. By using the NIST Cybersecurity Framework in the following way, you can become a Vendor Assessment Jedi:

  • Review the description of the vendor’s system addressed in the SSAE 16 report
  • Search for “subservice” to find the section where subservice organizations (i.e., any businesses that your vendor contracts with/outsources) are described
  • Use function, category, or subcategory (depending on your technical expertise and comfort level) to ensure control objectives are covered

NIST Cybersecurity Framework Core Example

NIST Cybersecurity Framework Core Example

Using the partial image above, you could search through the SSAE 16 report in a structured manner using the Framework as a guide.

If you use the “subcategory” component of the Framework, you would check the vendor’s report for a control objective that outlines “Response plans incorporate lessons learned” (as highlighted in the example above) or something very similar. If there is sufficient content in the report, you can mark that subcategory is ‘in place’ in your vendor cybersecurity assessment tracking documentation.

Using the NIST Cybersecurity Framework, in this way, to walk through vendor security audit reports provides a useful and efficient method to review vendor security controls.

To learn more about using the NIST Cybersecurity Framework to ensure proper vendor due diligence, register for the upcoming webinar, “Assessing Vendors Using the NIST Cybersecurity Framework,” presented by Randy Lindberg and Dan Banning, Director of Marketing at Quantivate.

Here are some additional resources for you to reference in the process of becoming a Vendor Assessment Jedi at your credit union:

Quantivate Logo
Quantivate is the NAFCU Services Preferred Partner for Vendor and Contract Management. Quantivate partners with Rivial Security to deliver cost-effective data security solutions that enable organizations to protect sensitive data, comply with industry standards, and gain a competitive advantage. Additional educational resources and contact information can be found at www.nafcu.org/quantivate.