FORT WORTH, Texas–Credit unions were offered some timely reminders on the “biggest pitfalls in the consumer lending process” by an expert on lending from CUNA Mutual.
CUNA Mutual’s Jim Bullard told the Cornerstone CU League’s meeting here that among the risks is trying to meet the needs of a “generation of people who want to move at the speed of light and want self-service.”
Millennials, and Generation Z behind them, have an “expectation right now of an online or mobile application process. They don’t want to talk to you; they just want to know their loan is approved. They want the funding electronically, A to Z virtual, and they want it quick. We will have to meet that as an industry.”
But in that haste mistakes and violations can occur. Here are some of the points Bullard stressed during his remarks:
Where Old Meets New
Where old school meets new school, said Bullard, is in having a Red Flag policy. “It needs to be more than a policy to satisfy examiners,” he said. “You must ensure you’re executing your ID theft Red Flag program on a daily basis. And you must update your program periodically to reflect changes in risks to members and to the safety/soundness of credit union from ID theft.”
When red flags are detected, Bullard said credit unions must ensure the program’s policies/procedures provide for appropriate responses that are commensurate with the degree of risk proposed, and need to consider aggravating factors that may heighten the risk of ID theft.
If a credit union is not detecting any red flags, that may be a red flag and he urged the CU to determine whether it has the correct methods and procedures in place to ID red flags.
“You have to have identity authentication where there is enough friction to give you comfort, but not so much as to deter the member from staying in the loan application,” he said.
Ideally, said Bullard, every CU LOS should be comparing information entered on the loan app with information on the applicant’s credit report.
Compare the information they are entering with what shows up on their consumer credit report.
When it comes to lending, he said best practices include:
- Manually reviewing all submitted information for consistency.
- Educating members.
- Ensuring checks and balances are in place.
- Having Internal controls, including call-backs, member verification services, establishment of dollar limits that require manual intervention, and procedures for maintenance requests.
An Example of Fraud Being Caught
Bullard said that recently he consulted with a credit union in New England on loan app fraud. The credit union received three loan apps in a week’s time, all for $25,000, and all supposedly for wedding expenses. All were filed by applicants who weren’t members but who qualified for membership. All three had no history of borrowing at that level on unsecured debt. The applications came into three different branches.
“One of the branches asked for employment verification, and the pay stubs provided had the same check number on them,” said Bullard. “The credit union caught it. After this we went back and pulled loan applications for 60 days prior, and found two more. Where more information was requested, those applicants just went away. But it was an organized group of people.”
The credit union’s experience was the subject of a recent CUNA Mutual Risk Alert on the “Honeymoon Scam.”
Telephone Consumer Protection Act (TCPA)
Not complying with TCPA isn’t a one-off, it’s a class action situation, cautioned Bullard.
“It all comes down to consent. Your only point of contact is pretty much now the cell phone or email. This rule is about making us careful with how your supposed to use that technology,” said Bullard. “The scary thing to me is the definition of “auto-dialer” is now so broad that if you hit redial on your cellphone, it’s an auto-dialer. To me, it’s too far reaching.”
Urging CUs to always get in-house counsel involved on anything TCPA related, Bullard walked his audience over the consent requirements related to auto dialers, artificial/pre-record messages/manually dialed calls, and whether those calls go to cellphones or residential landlines. All have different rules.
UDAAP
After outlining some of the specific compliance issues around UDAAP, Bullard said the real takeaway should be, “Do what you say, say what you do. Members should have access to their own funds unless you tell them otherwise. And it’s not about what you call something; it is about what you do and the actions you take.”