Do you know who your members are? (No, this isn’t a trick question!) Each and every member your credit union interacts with in an official capacity should be verified upon initiation of membership and in each subsequent interaction as part of your Member Identification Program (MIP). Not only is this done to ensure that you do know who your members are, validated by authentication and documented, but it also is a primary means to help prevent fraud that could impact members, your credit union, and your community.
Here are five steps to take periodically to ensure your Member Identification Program is properly practiced:
- Review your MIP. Did you know that under the Bank Secrecy Act, credit unions are required to have a member identification program? A similar provision, Customer Identification Program, is a requirement for all U.S. financial institutions to follow under the Patriot Act. Periodically, review your MIP to be sure it is relevant, clear, and makes sense. If additional procedures should be added, include them in your program documentation, communicate them, and incorporate them into routine practice.
- Educate and re-educate your staff. Your MIP should be clearly documented and easily accessible by all staff. Given that this is a compliance matter, it should be incorporated in new hire onboarding, as well as in annual training. Keep in mind: if you gain a staff member who worked in a different credit union prior, they likely had variations in the procedures to follow. MIPs should be tailored from credit union to credit union depending on size, location, the type of account, and the methods used to open accounts.
- Find the needle in a haystack. A “member” could be an individual, business, or legal entity. For verification, use the acronym “NIDL” to ensure all requirements are being met in an MIP. “NIDL” stands for:
- Notice: Provide notice to members of the type of information routinely collected to verify their identity. This could be branch signage, website content, or copy included on forms across your institution. It also can be provided verbally by staff to members.
- Identity: Standard identification examples include name, date of birth, address, and identification number (such as a Taxpayer Identification Number or Social Security Number).
- Documents: Verify identification using government-issued documents that contain a photograph (such as an unexpired passport, driver’s license, or military ID) or by confirming information against supporting documents, such as credit bureau reports, rental agreements, bills, or other databases. Record documentation in accordance with the procedures set by your credit union’s compliance officer.
- Lists: Individual names should be checked against OFAC’s Special Designated Nationals and Blocked Persons (SDN) list.
- Educate your members. Members want to feel like you know them. Requesting verifying information is not meant to feel impersonal or be a hassle, it is done for good reason. Remind them verbally, in signage, and in strategic marketing campaigns that verifying their identification is for their own protection.
- Retain your records. MIP records showing how member identity was established must be retained for five years. If you have files older than this, they can be shredded or purged from your server.
Credit unions recently have seen increases in account takeover scams. While members may receive calls from fraudsters directly, your credit union could also receive calls from a bad actor seeking information by impersonating a member. Stay vigilant, know your members, and take steps to confirm you are talking to the right person during interactions. Please contact your Account Relationship Manager, or email ARM@synergentcorp.com, with any questions you have and for help strategizing your credit union’s best approach to MIP.