Avoid Large Losses With Proper Preparation
Jay Isaacson, Vice President CUNA Mutual Group
May 16, 2016
© 2016 CUNA Mutual Group, All Rights Reserved.
What’s In Store For Today…
• Credit Union Risk & Loss Trends
– Fidelity Bond and Plastic Card
– Management & Professional Liability
– Cybersecurity
• Questions / Discussion
Bond Claim Count (frequency – incurred losses)
Bond Claim Dollars (severity – incurred losses)
Point of Emphasis: Always consider both frequency and severity
Source: 2011-2015 CUNA Mutual Group internal claims data
Employee Dishonesty Risk
Managing Risks
• Strong hiring practices - is a prospective employee bondable?
• Segregation of duties
• Regular review of authority levels
• Dual controls
• Supervisory / Internal audit program (trust but verify)
Check Transactions & Processing
Chart: Processing Sites and Checks Processed (billions of checks), 2002-2014
-7.8% CAGR
Source: Federal Reserve
ACH & Wire Volumes
Chart: ACH volume (billions), 8.9% CAGR
Chart: Wire volume (millions), 2.5% CAGR
Source: NACHA, Federal Reserve and CHIPS
Wire Transfer Fraud Losses
• Fraudsters getting devious with appearance of wire destinations
• Tricking members into providing false instructions for legit transactions
• Remote request
• Request to transfer funds internationally
• Primary risk mitigation tool fails: Call backs defeated
Loss scenarios
Take These Action Steps:
• Monetary cap on wire requests not in person
• Understand coverage risk sharing
• Exceptions must be approved by officer
• Written agreements with members in advance
• Passwords on file
• Avoid too much reliance on signature verification or any documentation sent electronically
• Train staff to be looking for red flags
Wire Transfer
ACH Transactions Losses
CU: RDFI of Credits
• Funds pushed in from other institutions, direct deposit, tax refunds, etc.
• Not insurable if they get returned
• Not a big problem area
CU: RDFI of Debits
• Funds are pulled out by other institutions, such as recurring bill payments
• Coverage available under Funds Transfer part 3, but not problematic due to generous return rights
CU: ODFI of Credits
• Funds are pushed out to other institutions, online banking payments, business member payrolls
• Coverage typically under Electronic Crime (or Funds Transfer if by phone) if fraud
CU: ODFI of Debits
• Funds are pulled in from other institutions
• Currently one of the biggest Bond claim problem areas
• No coverage available
ACH Case Study
• Large credit union allowed account to account transfers
• Member pulled in $322,000 over one month from a bank
• Member immediately transferred funds to another institution
• Member contacted bank and claimed the debits were unauthorized
• Bank returned the transaction
CU has a $322,000 negative balance
Not insurable (Collection issue)
credit union impact
ODFI Debit
Managing ACH Risks
• Assessing & controlling ACH risks requires a strong understanding of transaction process
• Taking the time to implement and set controls could significantly reduce the risks
• Functioning as an ODFI typically has more risk than an RDFI
• Insurance usually applies to funds removed, not funds first coming in
Plastic Card Fraud
• U.S. EMV implementation 10/2015
– Delayed implementation for ATMs and fuel pumps (2017)
• Fraudsters still view U.S. payment cards as path of least resistance
• Techniques continue to rapidly evolve and improve
Common Fraud Trends
• PIN-less Debit
• Local Fraud
• ATMs
Plastic Card Fraud Key Recommendations
• Review non-financial transaction report to legitimize changes – cards; PIN; credit limits; or address changes
• Segregate duties involving payment card changes, file maintenance, and report review
• Eliminate immediate credit for card payments
• Restrict high risk merchant category codes such as wire transfers and cash disbursements
• Avoid using VRU for member PIN changes
• Review security controls annually to confirm adequacy and effectiveness
EEOC Charges - Employment Practices Liability
Chart: 2013 EEOC Charges, 2014 EEOC Charges, 2015 EEOC Charges
Source: www.EEOC.gov, EEOC Enforcement and Litigation Statistics (2013-15)
Cybersecurity
Growing severity
• 3.2 million records exposed, nearly double from 2011
• $964.31 per record average cost to repair
Source: NetDiligence 2015 Cyber Claims Study
How Data Breaches Are Happening
• Employee Negligence / Theft
• Lost / Stolen Data: laptops, backup tapes / disks, and other data-bearing mobile devices
• Network Hackers & Malware
• Vendor Leaks / Mistakes
Emerging risks on the radar
Active Shooters
Social Media Discrimination
Transportation Network Services
Fair Labor Standards Act / Wage & Hour
ADA – Website Accessibility
Overdraft Litigation
Collection Letters
Sharing relevant insights & resources to assist with your strategic decisions
Thank you for the opportunity to partner on managing credit union risk.
This presentation was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It is intended to be used only as a guide, not as legal advice. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value and implementing loss prevention techniques. No coverage is provided by this presentation/ publication, nor does it replace any provisions of any insurance policy or bond.
CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group. Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs. For example, the Workers’ Compensation Policy is underwritten by non-affiliated admitted carriers. CUMIS Specialty Insurance Company, our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Data breach services are offered by Kroll, a member of the Altegrity family of businesses. Cyber liability may be underwritten by Beazley Insurance Group.
This summary is not a contract and no coverage is provided by this publication, nor does it replace any provisions of any insurance policy or bond. Please read the actual policy for specific coverage, terms, conditions, and exclusions.