Sponsored Content

Common Compliance Risk In Managing Credit Card Portfolios

What are common compliance pitfalls a credit union can fall into?

The Credit Card Accountability, Responsibility, and Disclosure Act (CARD), Anti-Money Laundering (AML) laws, Dodd-Frank Act, and other regulatory mandates are complex, proving it difficult for credit unions to control costs while driving portfolio growth.

According to the 2014 NAFCU Report on Credit Unions, the increased regulatory burden hampers credit unions’ ability to operate efficiently. Additionally, 2014 NAFCU poll respondents cited concerns about legislative changes as the main driver behind tightening their underwriting guidelines.

What are some of the more common pitfalls credit unions need to be aware of in managing their credit card portfolios?

Treatment of APRs:

  • If an APR is increased due to penalty pricing, a credit union must monitor the APR every six months and perform a look-back review on the cardmember’s performance, according to compliance expert Steve Van Beek of the law firm Howard & Howard. If the card member makes six payments on time after the penalty pricing is evoked, the rate must return to the pre-penalty rate.
  • Cardmember agreements often allow for a grace period within which a balance must be paid to avoid additional finance charges.
  • Rate floors are prohibited by the CARD Act on variable rate products as rates must be able to fluctuate with the index (prime rate).


  • As per the CARD act, a credit union may not charge inactivity fees and must limit fees for specific payment methods. For example, over-the-limit fees are restricted to cardmembers who have opted in to over-the-limit transactions.
  • Penalty fees, like late fees, must be proportional and fair. Safe harbor guidelines set the actual maximum fee amounts. Fees cannot exceed more than 25% of the initial credit limit during the first year the account is open.

Credit Limits:

  • A credit union must review a cardmember’s ability to pay the balance on the credit card when a new account is opened and with all credit line increases going forward.

Anti-Money Laundering, Data Protection and Record Retention:

  • A credit union must scan their portfolio against government lists, scan for potential fraud, maintain record keeping requirements, submit reports to the Financial Crimes Enforcement Network (FINCen) for suspicious activity, and train employees to review accounts for potential risks.

Third-Party Risk Management:

  • Most credit unions that self-issue credit cards rely on external partners for processing. Credit card processors tend to assume only limited liability, leaving the majority of the responsibility for regulatory compliance with the credit card portfolio owner. Simple mistakes such as inaccurate disclosure language or failure to mail updated agreements to members can lead to large compliance headaches. Additionally, many self-issuers still offer add-on products (insurance, debt cancellation, etc.), through third-party relationships. The largest national credit card issuers have paid out billions in fines and remediation associated with past add-on offerings in regards to disclosures or opt-out options. Card issuers in this business must understand why their offerings are compliant, and ensure all marketing is properly disclosed and the associated third-party contracts include indemnification language.

What are the costs associated with complying with these regulations?

A credit union must be willing to invest time and resources into ongoing training for compliance staff due to the complexity and ever evolving regulatory environment. Compliance officers must ensure documentation exists, procedures managing a credit card portfolio are compliant, and appropriate controls are in place. Over time, a credit union will find that substantial investment in technology will be needed to support these efforts. For example, the recently passed Military Lending Act (MLA) will require new tracking on all open lines of credit associated with credit card products.

Credit unions that choose to manage a credit card portfolio must be mindful of the requirements associated with all regulations. Investments in developing best practices, head count, and training will help create a culture of awareness. These values must be communicated with associated third parties and regular audits must be conducted to manage compliance risk and the required oversight of their third party relationships.

For almost 50 years, Elan has delivered a best-in-class credit card program, card products and exceptional service to its valued credit union partners. Elan is supported by over 200 compliance professionals who monitor trends and ensure compliance with ever changing regulations. Elan helps nearly 300 credit unions navigate the rapidly changing card issuance landscape. Year after year, our partners remain pleased with the Elan solution, as Elan has seen a more than 96% renewal rate. For more information, call 1-800-223-7009 or visit cupartnership.com.

This article is sponsored by a recognized solutions provider in the credit union industry. Callahan & Associates does not endorse vendors or the solutions they offer, and the views and opinions offered here might not reflect those of Callahan. If you are interested in contributing an article on CreditUnions.com, please contact the Callahan team at ads@creditunions.com or 1-800-446-7453.
November 30, 2015

Keep Reading

View all posts in:
More on:
Scroll to Top
Verified by MonsterInsights