Without confident and dedicated credit union volunteers, our industry ceases to exist. The dedication and perseverance of board member volunteers is an integral part of the credit union difference. CU*Answers is also aware of increasing legal and regulatory pressure for credit union board directors to be highly informed leaders. There are some key concepts that, if understood and implemented at your credit union, can help protect your directors and improve overall governance at your financial institution. The second part of this article discusses the importance of insurance and fraud prevention.
Insurance and exclusions
Very few directors will ever need insurance, but if things go wrong insurance is the most important protection a director can have. Directors and Officers Liability Insurance (D&O) provides general cover to a firm’s directors and senior executives. D&O reimburses (in part or in full) the costs resulting from lawsuits and judgments arising out of poor management decisions, employee dismissals, shareholder grievances, and other such acts committed in good faith. Criminal offenses are not covered under this insurance.
Another consideration is Employment Practices Liability (EPL) coverage in addition to corporate coverage – often by endorsement to the D&O policy or as a stand-alone policy issued to the company. This coverage typically protects directors, officers, employees, and the company against employment-related claims brought by employees and, in certain circumstances, specified third parties. For example, it provides coverage for wrongful dismissals or failures to promote, sexual harassment, and other violations of federal, state, or local employment and discrimination laws brought by the company’s employees. EPL claims have also seen a dramatic increase in frequency and severity over the past decade.
Most D&O policies do not impose a duty to defend on the insurer. They do, however, provide coverage for defense costs and give the insurer the right to associate with the defense and approve defense strategies, expenditures, and settlements.
A “tail” insurance policy is a separate insurance policy that provides continued coverage after the relation is over for acts that took place during the relation. Directors and officers who are part of an organization that does not have a tail policy may not have D&O coverage after they leave the organization.
Directors should always be familiar with exclusions in the D&O policy. Some of the common exclusions include the following:
Dishonesty
Dishonesty exclusions bar coverage for claims made in connection with an insured’s dishonesty, fraud, or willful violation of laws or statutes. The dishonesty exclusion also may be coupled with a personal profit exclusion, barring coverage in connection with an insured’s illicit gain. The exclusion typically only bars coverage for the insured(s) whose acts or knowledge are the basis of the claim at issue.
Insured v. insured
An insured versus insured (IvI) exclusion bars coverage for claims made by an insured (e.g., a director, officer, or corporate insured) against another insured. The exclusion essentially prevents an institution from suing or orchestrating a suit against its directors and officers in order to collect insurance proceeds. Questions regarding the application of the exclusion arise in the context of a regulatory agency conserving a credit union.
Professional liability
As a general matter, D&O policies do not provide coverage for liability associated with the provision of professional services. Thus, where an officer is liable for acts as a credit union official rather than a director of the institution, a D&O policy with a professional liability exclusion would not provide coverage.
Prior acts
Prior acts exclusions bar coverage for claims arising out of an insured’s wrongful acts prior to a specified date. The date may coincide with the termination of coverage under a previous policy. The date may also coincide with a change in status – such as a merger. For example, if a credit union is merged, the prior acts exclusion may exclude coverage for the merged entity prior to the time it was merged.
For persons serving on a credit union board, they should inquire with their agent or carrier about whether personal coverage will cover the director in the event an exclusion applies during their board service.
Fraud, embezzlement, and the supervisory committee
Fraud and embezzlement prevention are among the most serious issues facing credit union boards today. For example, members at CBS Employees Federal Credit Union and Borinquen Federal Credit Union sued the boards for failing to detect and prevent embezzlement at these financial institutions. Having an effective supervisory committee with a good working relationship with the board is vital more than ever for the credit union industry.
The supervisory committee ensures the reports on the condition of the credit union to the membership are accurate. Supervisory committees should have a mission to detect and prevent embezzlement and fraud. As mentioned in the first part of this series, supervisory committees have the power to suspend officers and directors and to call a meeting of the membership to make those suspensions permanent.
This power is reciprocal. The board can suspend supervisory committee members by a majority vote of the board of directors. The members of the credit union will decide after any suspension, whether the suspended committee member will be removed from or restored to the supervisory committee.
The supervisory committee is an important firewall to protect the institution. Supervisory committee members should have strong interest in credit union protection. Some very real fraud and embezzlement cases happened because of a lack of monitoring and controls. For example:
Surprise audits
Are surprise audits conducted, including audits that are not known to the executive officers? Do staff know when surprise cash counts are going to be conducted? Is vault cash counted and rotated?
- Credit union controls were minimal and trust was placed in the CEO. Due to this misplaced trust, no true “surprise” audits were conducted.
Reconciliations
Are daily or weekly general reconciliations performed, including by outside auditors and/or by rotating employees?
- Daily or weekly general ledger reconciliations on the primary corporate bank account would have assisted in identifying the fraud sooner.
Segregation of duties
Does one person have complete control over accounts, file maintenance changes, process, approving, funding loans, and such?
- There was not a good change management process for coding changes. Any changes to system coding should be approved by someone other than the individual that made/implemented the coding change.
- The CEO had complete control over all records and vault cash.
- The CFO had control over all accounting and accounts payable functions. Because he was trusted, no one within the credit union questioned the documents he created. The CFO exploited a flaw in the credit union’s ACH processing procedure. The lack of segregation of duties over processing of the daily ACH files allowed funds to be transferred from the credit union to his own accounts at various financial service providers.
- CEO made the purchases and approved the credit card bills for payment. While the accounting manager paid the bill, he did not question when the volume of purchases increased.
- Employees with cash access should not have the ability to code member accounts as no-mail. This maintenance should be performed with support from the member, by another individual.
Lack of knowledge or review:
- Dual controls existed but were subverted by staff: The controls were established correctly but were not effectively being executed.
- Lack of knowledge: Both the accounting manager and the supervisory committee should have known to look deeper into these purchases. The volume of them did not make sense based on the size and needs of the credit union.
- Lack of review: While the credit union had procedures in place to review file maintenance and vault activity, the employee responsible for this did not do her job. She became careless and did not always review the reports. Her review would have caught both the file maintenance and the cash withdrawal for two reasons. First, there should never be a member cash withdrawal from the vault, and second, the size of the withdrawal triggered the Currency Transaction Report filing requirement.
Regardless of a credit union’s size, the role of its volunteer board members in ensuring the protection and continuation of that credit union cannot be understated. Without proper education of their roles and the duties for which they are responsible, many issues can arise as we’ve seen from this series. If you missed it, the first half of this series discussed the director legal duties, as well as case studies putting these concepts in practice. For more information, credit unions can download CU*Answers Guide for Credit Union Boards and Supervisory Committees, available online for free at the CU*Answers Store.