Audit and Risk Assessment

Can CU*Answers assist us in answering examiner questions about our risk assessment and how it applies to Audio Banking and Online Banking?

CU*Answers is happy to assist you in explaining system features to your auditors and examiners. We will be glad to talk directly to your examiner about tools and features. Please contact a Client Service Representative for attention to this matter.

Learn More in the Answerbook

How often and when does the system run members through an OFAC scan? Is it just when new memberships are opened?

Automated scans are run when opening memberships or creating new non-member records. Additionally, the Operations staff brings in the consolidated sanctions list daily to ensure it is the most current OFAC list. An automated scan is run weekly on Saturdays against your membership, non-membership, and A2A database. (A report is generated from this scan. Refer to the booklet below for details.) Self Processors will need to assign a staff member to run this scan (Tool #5410).

Additional automated scans are completed on certain transactions. Please feel free to refer to the OFAC booklet for more information.


Does the weekly scan of OFAC include Non-Members?

Every Saturday, Operations will automatically run the OFAC scan on both members and non-members.


Is there a way to run an OFAC scan on a non-member?

Yes, you can run a manual OFAC scan on any individual, whether they are a member or a non-member, through Tool #778 Scan a Single Name Through OFAC. You can also perform the OFAC scan function by accessing the CBX Time Out menu, then selecting OFAC Scan. OFAC scans can also be performed on organizations. To do so, access the same tool and click the option that reads Organization Account. This will display the data entry field in the proper format for an organization, as opposed to the first name, middle initial, and last name convention.


When joint owners are created, is there a scan against the OFAC file?

A joint owner record can be added to a membership as an existing member, meaning they have already been scanned against OFAC and are also scanned weekly. A joint owner can also be added by first creating a non-member record. When creating a non-member record, an OFAC scan will be prompted.


What types of transaction patterns can you create for Abnormal Activity Monitoring?

The following types of transaction patterns can be created:

  • Velocity: This evaluates if the member has an unusual number of transactions that fall within the criteria configured.
  • Idle: This evaluates if the member has an unusual flurry of activity (either based on # of transactions, transaction type, or transaction amount) following a period of inactivity.
  • Out of the ordinary: This evaluates if the member has a percent or amount increase compared to a prior activity.
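The three pattern types above can be sketched as checks over one member's transaction history. This is an added illustration, not CBX code or configuration: the function names, thresholds, and sample transactions are constructed assumptions, and the idle check counts transactions only (not type or amount).

```python
from datetime import date, timedelta

# Constructed sample: (posting date, amount) for one member.
TXNS = [
    (date(2026, 1, 5), 40.00),
    (date(2026, 1, 20), 55.00),
    (date(2026, 3, 10), 300.00),
    (date(2026, 3, 10), 450.00),
    (date(2026, 3, 11), 500.00),
    (date(2026, 3, 11), 250.00),
]

def velocity(txns, as_of, window_days, max_count):
    """Flag when more than max_count transactions post inside the window."""
    start = as_of - timedelta(days=window_days)
    return sum(1 for d, _ in txns if start < d <= as_of) > max_count

def idle(txns, idle_days, burst_days, burst_count):
    """Flag burst_count or more transactions right after idle_days of inactivity."""
    dates = sorted(d for d, _ in txns)
    for prev, cur in zip(dates, dates[1:]):
        if (cur - prev).days >= idle_days:
            end = cur + timedelta(days=burst_days)
            if sum(1 for d in dates if cur <= d < end) >= burst_count:
                return True
    return False

def out_of_ordinary(txns, as_of, period_days, pct_increase):
    """Flag when this period's total exceeds the prior period's by pct_increase percent."""
    cur_start = as_of - timedelta(days=period_days)
    prev_start = cur_start - timedelta(days=period_days)
    cur = sum(a for d, a in txns if cur_start < d <= as_of)
    prev = sum(a for d, a in txns if prev_start < d <= cur_start)
    if prev == 0:
        return cur > 0  # no baseline: treat any activity as an increase
    return (cur - prev) / prev * 100 >= pct_increase

def evaluate(txns, as_of):
    """Run all three checks with hypothetical thresholds."""
    return {
        "velocity": velocity(txns, as_of, window_days=2, max_count=3),
        "idle": idle(txns, idle_days=30, burst_days=2, burst_count=3),
        "out_of_ordinary": out_of_ordinary(txns, as_of, period_days=30, pct_increase=200),
    }
```

On the sample data, the four transactions on March 10 and 11 trip all three checks: they exceed the two-day count limit, they follow 49 days without activity, and the 30-day total is far above the prior 30 days.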


What is the Audit Tracker?

The Audit Tracker is simply a special type of Member Tracker. Trackers are used throughout CBX to keep track of member communications, contacts, and events, for an ongoing record of the member’s relationship with your credit union.

The Audit Tracker is specifically designed to record events for your credit union’s internal auditors. This includes things like BSA-related activities, OFAC scans, and the like. Your staff can also record notes in the Audit Tracker, such as if an OFAC scan finds a suspected hit. Then, your staff can record what steps were taken and explain if there was a mismatch. Like any other Tracker, you cannot delete or edit a note once it has been added to the Audit Tracker, so it becomes a permanent record for that member, even after they close their membership with the credit union. Also, because it is a Tracker, you can assign follow-ups to any note in the Audit Tracker so other employees can take care of necessary tasks. At a future date, OFAC scans will be taken out of the Audit Trackers and will create a separate report. CU*Answers will make this announcement when applicable. The system will create one Audit Tracker record as needed for a member, then subsequent events will simply add notes to that same Tracker.


What does AIRES mean?

AIRES is an acronym for Automated Integrated Regulatory Examination System. AIRES is a software tool used by the NCUA when performing financial audits on credit unions.


What are the procedures for the process to perform a member account verification audit?

At some point during the year an auditor may contact your credit union to perform a member account verification. This involves sending statements with a special message and unique return address, so that members respond to the auditing firm rather than the credit union directly. Here are some important tips to ensure your audit is successful:

  • CU*Answers cannot change your credit union’s return addresses on statements. CU*Answers uses custom statement envelopes for all clients, which cannot be altered. However, special envelopes can be ordered through Sage Direct, Inc. (our statement processor) for your auditing needs.
  • A letter outlining your auditor’s request must be sent to CU*Answers Client Services through a web-based incident.
  • Specifications and fees for statement preparation and inserts still apply.


What information can be provided to assist a credit union for a risk assessment of the Audio Banking system?

The CU*TALK Introductory/Startup Guide explains the features that are available with the standard Audio Banking system provided by CU*Answers. This system uses TCP/IP technology provided by Interactive Intelligence, Inc. (I3).


From a risk assessment standpoint (i.e., risk of money being moved from a member’s account or loss of personal identity), are there many features in the CU*Answers audio banking system that are similar to online banking?

While audio response originally mirrored the functionality of online banking, the paths for those two channels have diverged greatly as online banking has grown and expanded over the past several years. For example, while online banking offers an optional feature to allow members to update personal information online, no such equivalent feature exists in audio response. Additionally, members can no longer make transfers from their membership to another membership and cannot request check withdrawals.


What are the layers of authority for a Database Administrator who manages a Data Warehouse?

The following is a summary of the authority control layers every database administrator should be aware of when managing access to data tables and the raw information they hold.

Warehouse authority – blanket of permissions and prerequisite to all other layers of authority. These permissions are applied per Library based on User ID for individual warehouses.

Table authority – precision for just one table but generally remains consistent across tables within any one warehouse. These permissions are applied per table.

Query Definition authority – this authority designation controls who can access a report, and what they are allowed to do with it.

Upload/Download authority – a la carte-style authority (upload/download) for a special kind of action with any library. Can be specific down to an individual table within a library. Applied per User ID to authorize warehouse or table.

Tool authority – The final layer & gatekeeper to any access or manipulation of tables. A person can have warehouse authority, table authority, & upload/download, but still be restricted from ever using them by managing tool access in Employee Security. Applied per Employee ID or Alias ID to authorize individual tools.


Updated
March 19, 2026