Go to:

September 2018
< Aug Oct >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Ask the Right Questions When Choosing a Collateral Protection Insurance Vendor
Wednesday, March 26, 2014 6:45 AM

When you’re choosing a collateral protection insurance (CPI) vendor to protect your auto loan portfolio, part of your due diligence should be to confirm how members’ insurance information, in addition to their loan information, will be used and protected. Trace Ledbetter, senior vice president for State National Companies, says this is especially important if you’re considering a tracked CPI program, in which the vendor monitors whether collateralized loans have current insurance, and if not, places insurance coverage on the vehicles.

Credit unions have plenty of guidance available from regulators regarding due diligence in working with third parties that use member data. For example, credit unions are directed to confirm that vendors have information and network security plans in place as well as a disaster recovery plan should an emergency interrupt their data processing operations.

Due diligence should also require third parties to provide recent results from a qualified accounting firm’s examination of the company’s internal controls or systems. But Ledbetter says you shouldn’t just file away an audit report provided by a CPI vendor and check that off your due diligence list. Instead, be sure audit results are current and relevant.

According to Ledbetter, CPI vendors should provide a qualified accounting firm’s Statement on Standards for Attestation Engagements No. 16 (SSAE 16), which replaced the Statement on Auditing Standards No. 70 (SAS 70) for reports covering periods ending on or after 6/15/11.

“Ask potential tracked CPI program vendors for the SSAE 16 report called ‘SOC 1,’ which addresses a service organization’s process controls,” he suggests. “It should cover the controls that specifically affect your credit union’s loan information and the members’ insurance information.”

Some companies that offer auto loan CPI services also provide a variety of other products and services, and the SSAE 16 may be specific to something other than the service the company would provide for your credit union. Also, if the CPI vendor is outsourcing any critical functions to additional third parties, Ledbetter says you need to request a current SSAE 16 from these additional companies. And again, these reports must pertain to the specific services these companies would be providing to your CPI vendor on behalf of your credit union.

When you review the audit reports for tracked CPI programs, Ledbetter recommends looking for these controls regarding your program and your members’ insurance information:

  • Premiums are processed in accordance with the terms of the policy.
  • Premiums are accurately billed and collected.
  • Borrower insurance documents and client loan files are processed accurately and promptly.
  • Lender-placed coverage is cancelled promptly when the vendor receives proof of insurance, and any refunds due are processed accurately.
  • Claims are processed in accordance with the terms of the policy.
  • Claims are paid accurately and promptly.

“Data security and process controls certainly aren’t everything you need to know about a tracked CPI program vendor and subcontractors who have access to your members’ data,” he says. “But it’s important not to overlook them, and to ask the right questions.”

CUNA Mutual Group and State National Companies have formed an alliance to provide Tracked Collateral Protection Insurance (CPI) to credit unions.