Skip to content

Human Nature - The Good and The Bad

CU Customers Steal Millions
by Sam Ott

Disastrous situations can often bring out the best in human nature, but sometimes they also let us see the dark side of people. The stark contrast between a selfless act and selfish responses was revealed this week as Manhattan DA Robert Morgenthau announced his office's upcoming prosecution of individuals who took advantage of a financial institution's generosity.

The Municipal Credit Union (MCU) serves a large population of individuals directly affected by the September 11 terrorist attacks. MCU, whose main office was located near ground zero, provided financial services for employees of city, state and federal government agencies, as well as employees from the health services industry. As a result of the attacks in New York City, all communications were lost between MCU and the New York Cash Exchange (NYCE) that processed bank-to-bank transactions, including ATM withdrawals and debit card transactions. Consequently, NYCE could not access MCU accounts to determine whether sufficient funds were available to cover cash withdrawals or debit card purchases.

MCU was faced with a dilemma. It could either block ATM and debit card transactions by its members, thus protecting itself from transactions that exceeded member balances, or it could allow the transactions to proceed without balance verifications. Allowing the transactions to proceed entailed an obvious risk to the credit union, but the credit union felt strongly that cutting off access would create a financial hardship for its members at a time when they were already suffering. MCU made a business decision to continue allowing its customers to make ATM withdrawals and debit card purchases. MCU walked into the situation with its eyes open, knowing that there were risks present, but feeling strongly that it was the right thing to do.

In the two months that followed the credit union's brave act, over 4,000 of the credit union's members conducted card transactions that overdrew their accounts by a total of $15 million. 62 individuals have been arrested; 39 others are being sought. Others, with small dollar abuses, have entered into repayment agreements with the institution.

Despite the problems and losses, Thomas Siciliano, MCU's General Counsel, says that if they had it do over, they would make the same decision. MCU knew that it was unable to verify the funds in each member's accounts. "We realized that some risk was possible, but we wanted to continue to serve our members who included many families of firefighters, police officers or health care providers who were lost," Siciliano said.

MCU had developed and put in place a disaster recovery program, but as Mr. Siciliano pointed out, "No one could have anticipated the events of September 11th." The plan included a "hot site" to be activated in the event of the destruction or failure of the MCU communications systems. Unfortunately, the site was also designated as a hot site by many other incapacitated institutions and firms and it was simply overwhelmed. As a result, MCU was able to obtain aggregate withdrawal amounts from its ATM system provider, but was unable to verify individual account balances for all accounts until the first of November.

Once MCU learned of the account abuses, it mailed letters to all members with overdrafts and asked them to clear the overdrafts. In cases where this action did not resolve the issue, the accounts were turned over to a collection agency. Members who responded to either the letters or contacts from the collection agency were offered loans with defined repayment schedules. Information regarding members who did not respond was turned over to the local District Attorney's Office.

On August 5, 2002, Manhattan District Attorney Robert M. Morgenthau announced his intent to prosecute the largest offenders. The parties currently arrested or charged all incurred overdrafts of at least $7,500. More than 4,000 members each overdrew their accounts by more than $1,000. Most of the customers have paid their overdrafts or entered into loan arrangements, but many negative balances are still outstanding. A spokesperson for the District Attorney's office indicated the members that have made little or no payments are still under investigation.

MCU's heart was in the right place, but could it have done anything to reduce its potential exposure to the overdrafts and still made funds available to its members?

We checked with two BOL Gurus for their views. Both Jimmy Sawyers and D. Trent Fleming noted that this was not a case of failure of the credit union's systems and procedures. The communications interruption was the result of an unforeseeable event and was not the result of a security breach or a computer malfunction.

Mr. Fleming suggested that if faced with such a dilemma, an institution could consider making funds available for a short period of time. In the event the problem could not be quickly resolved, it might be prudent to discontinue providing the service unless the account balances could be verified.

Mr. Sawyers proposed the following steps be added as part of a disaster recovery plan to allow an institution to determine what transactions were made while the system was offline.

  1. The fraud protection features of the system should be tested at the ATM switch to make sure they are still functioning.
  2. The service provider should be instructed to report all transactions at the switch and any unusual patterns should be studied closely.
  3. A list of direct deposits should be obtained from the firms making payroll deposits to be matched against any questionable withdrawals.

In addition, the selection of a "hot site" should take into consideration the number of other entities that are clients of the provider. If at all possible, sites should be avoided that have a large number of clients located in the same vicinity in order to reduce the probability that multiple clients will find it necessary to use the site at the same time as a result of the same disaster or event.

First published on BankersOnline.com 8/07/02; Updated 8/8/02

First published on 08/08/2002

Filed under: 
Filed under operations as: 

Search Topics