Check out the CU*Answers store for assistance in preparing for your BSA audit. See the related links below to learn more.

This happens rarely, but usually when we see orphaned records like this it's because the employee exited their CU*BASE session improperly in the middle of processing a transaction, either by clicking the close button or due to an unexpected power or communications interruption. For example, once a cash transaction is posted and the CTR screens are presented, the user must proceed; there is no way to back up and cancel the transaction at that point. Some users get desperate and click the   More...

At some point during the year your credit union's audit firm may contact your credit union to perform a member account verification. This involves sending statements with a special message and unique return address, so that members respond to the auditing firm rather than the credit union directly. Here are some important tips to ensure your audit is successful: CU*Answers cannot change your credit union's return addresses on statements. CU*Answers uses custom statement envelopes for a  More...

The Audit Tracker is simply a special type of Member Tracker. Trackers are used throughout CU*BASE to keep track of member communications, contacts, and events, for an ongoing record of the member's relationship with your credit union. The Audit Tracker is specifically designed to record events for your credit union's internal auditors. This includes things like BSA-related activities, OFAC scans, and the like. See the flyer referenced below for a current list of items recorded automa  More...

The Audit Link service consists of three interrelated business activities. The first is an overall analysis of the credit unions needs, hot buttons, and recent audit or examination findings. This analysis is designed not only to tailor the program for the credit union but also to facilitate an overall general compliance tune-up. The second area of this initiative is the development of a daily, monthly, and quarterly roadmap of tasks to be completed. This is where the credit union would see the  More...

This file is populated when we receive the file from Sage Direct. Sage forwards the audit data to use once ALL statement runs are completed. This will typically occur between the 10th and the 15th of the month.

Because of CU*BASE design to integrate directly to the general ledger is one of its most impressive features, the teller system needs to process as its own section. In order to discourage inaccurate or misleading transaction reversals or back-dating, the dual system segreates the teller drawer (cash) from the member transactions and balances. If the two steps are not completed correctly, the general ledger will be out of balance. Fortunately you can use Tool #31 Reverse Tran/Adjust Drawer (Same  More...

You can visit the Audit Link website at http://auditlink.cuanswers.com for guidance on upcoming regulations as well as any recent Audit Link news.

More information can be found in Chapter 13 “ODFI Audit Requirements and Rules Compliance” found on OG52 of the NACHA Operating Rules. The first sentence in Chapter 13 states: All ODFIs, Third Party Service Providers performing a function of ACH processing on behalf of those ODFIs, and Third Party Senders must perform an annual audit to determine compliance with all provisions of the NACHA Operating Rules. Third Party Service Providers and Senders are very well defined in t  More...

Daily: Review all BSA transactions Monitor Dormant activity File maintenance review Review of teller reversals involving cash Weekly: Review of wire transfer log Insider/Employee audit Bi-Weekly: OFAC on entire membership BSA/SAR review Monthly: Stale dated checks Other Review of CTRs and SARs *Any of these may be contracted separately as an individual, ad hoc service

Performed on a daily basis, Audit Link uses the CU*BASE Dashboard for Negative Balance Analysis to retrieve negative balance data. A daily report summary is provided to your team illustrating negative balance accounts separated as 15-day buckets to assist in quickly identifying possible fraudulent activity and areas that may require immediate action. Also included with the daily report summary are graphical representations and delinquency ratios to assist in identifying key trends affecting your  More...

The CU*BASE BSA monitoring tool does include data about shared branch transactions conducted via its own internal shared branch tool (includes Xtend Shared Branching). From the national shared branch networks (such as CUSC/FSCC), CU*BASE does receive Funds In amounts (separated by checks and cash) and includes those in BSA tools. (Currently Cash Out is not included, although that is planned for a future project.)

No, our CSRs will not reset the 2-character CU*BASE Employee IDs for your staff. This must be done by an internal CU security officer. Use Tool #762 Reset Employee ID Password . (This can also be done via Tool #327 CU*BASE Employee Security using the Reset PW option.) It is important that credit unions insure proper training to their employees regarding the expiration of their CU*BASE Employee ID password. We deliver a warning message of expiration 7 business days prior to the staff member.   More...

When you use the filter buttons on the File Maintenance Inquiry dashboard (Tool #159: Audit File Maintenance Inquiry (CUFMNT)), indicators note which programs, fields/columns, and files/tables AuditLink has flagged as “critical” for auditing teams to monitor on a daily basis. You can quickly sort by that indicator and select only those items for a quick scan of maintenance that directly affects member accounts. Below is a listing of these critical items. Columns/Fields Field Why   More...

Our policy is to adhere to PCI Data Security Standard/Security Audit Procedures mandates (these are the rules from Visa about how ATM, Debit, and Credit Card information is protected) which read as follows: 3.3 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed). Note: This requirement does not apply to employees and other parties with a specific need to see the full PAN; nor does the requirement supersede stricter requirements in  More...

Credit unions can choose to hide the 000 account for select memberships. This is a business decision that may be elected for special accounts, for example business accounts. This feature must first be activated for the credit union in the Master Parameters in the OPER screens. Then credit unions activate it by using the Membership Designation configuration. Once activated in the membership designation, the feature will cause the 000 account to be ignored (for accounts of this membership des  More...

Using CU*BASE to Comply with New Rules for Tracking Beneficial Ownership FinCEN has issued new rules under the Bank Secrecy Act that require financial institutions to identify and verify the identity of the beneficial owners of all legal entity members (corporations, etc.). Under the final rule, credit unions are required to have written procedures to identify and verify beneficial owners of legal entity members who open new accounts on or after May 11, 2018. In addition to identifying and coll  More...

Yes, if you create them as Secondary Names as recommended, these will be scanned the same as any other member or non-member record.

The differences ultimately come down to control and cost. The online ASP system is the fastest, simplest, most inexpensive way to get started with an e-documents strategy for your credit union. With online ASP you offload the back-end service management headaches to CU*Answers. We manage, backup, secure, and patch/upgrade the eDOC servers and databases and these processes fall under our SAS 70 and third party security audits. The online ASP system consists of electronic storage of receipts, loan  More...

BSA stands for the Bank Secrecy Act. SARs stands for Suspicious Activity Reports. Listed below is a summary of the evolution of the Bank Secrecy Act. The Law Before the Patriot Act BSA of 1970 - required banks to file CTRs on single cash transactions in excess of $10,000 April 1996 – required banks to file SARs to FinCEN reporting known or suspected criminal offenses or a transaction that a bank suspects involves money laundering or violates the BSA Focus on drug trafficking After the Patr  More...

Yes. Use Tool #357 “Employee Security Audit Report.

As part of the monthly GUAPPLE management service, CU*Answers Network Services performs the tasks listed below. All units are monitored 24x7 by a custom management application hosted at CU*Answers. In addition to the daily monitoring, quarterly audits are performed against the units to ensure everything is up to spec. Important: Fully managing the GUAPPLE(s) can only be done if all of the network requirements for the GUAPPLE are met. Please refer to this article . Security updates - all GUAPP  More...

There isn't a tool for this, but what you can do to generate a list of all tools available for your credit union is create a template or temporary employee ID in T ool #327 CU*BASE Employee Security and assign it every tool. Then you can use Tool #357 Employee Security Audit Report to un the Employee Security Audit Report. Run it for the assigned tools only and it will print a report listing all the tools assigned to that employee, which in that case would be all the tools. To get this int  More...

The team at AuditLink performs daily monitoring activities on behalf of credit unions to assist in the fulfillment of Bank Secrecy Act (BSA) compliance requirements. The same procedure guide their team uses to do this work is now available to credit unions. Click the link below to order the free Daily and Weekly Procedures guide from AuditLink.

The first step is to make sure your credit union has filled out the three required forms: Sign Up Form, Electronic Payment Service Agreement, and Fed ACH Participation Agreement. There is also a non-disclosure agreement to sign to receive a copy of Magic-Wrighter's SSAE-16 audit results. Once the Client Service and Education team has received the forms from your credit union, they will send the form to our third party processor, Magic-Wrighter. Magic-Wrighter will submit a confirmation with  More...