Affinity Plus Federal Credit Union: Widespread Ethical Lapses
It's always disappointing when someone abuses your trust. It's troubling enough when a random business does it, but it is flat out unacceptable when a financial institution proves itself corrupt. I stopped doing business with TD Ameritrade when their insecure handling of my account info lead to me getting spammed. On this very blog I gave my account of how harassing phone calls forced me to cancel my credit card with Citi. Now it seems I have another tale of woe regarding a financial institution that I joined in college, over 20 years ago, known then as State Capital Credit Union (SCCU) but is now named Affinity Plus.
Mon 21 January 2013 Received Employment Spam
This previously discussed email cluttered up my inbox.
Tue 22 January 2013 Reported Spam Using Web Form
Since I didn't know the provenance of the spam, I didn't think it was something that was a high priority. And I also wanted to include a copy of the message, so I used their online contact web form:
My question to them was fairly straightforward: was this spam someone pretending to be from Affinity Plus, or was Affinity Plus itself actually looking to hire via spam? They promise a response in 2 business days.
Tue 29 January 2013 Requested Status Using Web Form
After a week of waiting, I again used their web form to ask for a status report on the issue.
Fri 01 February 2013 Called Support Line
Still no response. Figuring their online support services are broken, I gave up and called in to the phone support number.
I spoke to someone named Chelsea, and I explained my concerns about this strange spam I had gotten that claimed to be from Sara Pook in HR. Chelsea confirmed that Sara was an actual person at Affinity Plus, and said she would further look into the issue. She then called me back to let me know that she couldn't immediately get ahold of Sara and, it being Friday afternoon, she might not have an answer until Monday.
Mon 04 February 2013 Determined HR Was At Fault
Chelsea got back to me to let me know that the email had indeed been sent on purpose. I let her know that the use of spam was not only unethical, but potentially illegal. I asked to escalate the issue to someone either in the legal department or in IT, those commonly having the best knowledge of why spam is unacceptable and what to do to fix the problem. Chelsea said she would take care of it.
I instead got a call from Sara Pook. From my conversation with her, it quickly becomes apparent that even the head of HR is aware that these emails are being sent, but nobody in the HR department sees it as spam. I again restate my desire to talk with someone in legal or IT, who will know what spam is and will be in a better position to explain to her in detail why it is wrong. Sara says she will take care of escalating the issue.
Tue 05 February 2013 Arranged To Speak With IT
Sara called me back late in the day to inform me that the VP of IT, Cary Tonne, will be able to talk with me tomorrow.
Wed 06 February 2013 Determined IT Was Complicit
Right from the start it became clear that Cary wasn't going to be helpful. His opening comment is that he didn't know what to call the issue we'd be discussing, to which I replied "Spam. Let's call it what it is. It's spam." He refused to acknowledge that spam was at issue, and was more interested in defending Affinity Plus' current practices.
He said that he didn't have a problem with sending these emails because some people might want to see them, and that they (presumably speaking for HR) were happy with the results. That is the same broken logic that all spammers use!
I then further pointed out to him that there are security implications when you hire people who purposefully click on the contents of any random email they receive, and that those are not the qualities you should be looking for when hiring at a financial institution. He, again, saw no problem with that.
When it was abundantly clear that Cary did not recognize the wrongdoing, nor would he inform/help HR fix it, I again asked to escalate the problem to someone who would recognize the seriousness of the issue(s) at hand and would address it.
I was then contacted by COO Keith Malbrue, who left a message saying he would look into the matter further.
Thu 07 February 2013
Fri 08 February 2013 Requested Status From COO
No response. At the end of the day, I leave Keith a voice mail message asking him how things are progressing. He returns the call later that same evening (leaving a voice mail for me) saying that he would be available to talk early Monday morning.
Mon 11 February 2013 Escalated to Supervisory Committee
I call Keith, and he seems overall rather disinterested in the problem. I informed him that I find it disturbing how widespread these ethical lapses are across Affinity Plus, and that I'm really, really trying to find someone inside the organization who actually understands what is wrong and can fix it. He makes no admissions or offers to do anything himself; I am shocked that a COO would be so negligent and/or powerless. Instead, Keith pushes the matter off to Bill Halloran, a member of Affinity Plus' Supervisory Committee, which was meeting the very next day. I agree to write up the incident (which is substantially what you're reading here) for him to pass along to them.
Thu 14 February 2013 Requested Status Report
Having had no response regarding the Supervisory Committee meeting on Tuesday, late in the day I send another email to Keith asking him what the outcome was.
Fri 15 February 2013 The Wait Begins
Keith responds letting me know that the Supervisory Committee was investigating the matter, and would have their results for me next week.
Mon 25 February 2013 Received Result
I finally receive a letter (actual postal mail) dated February 21st, which I may post in a later entry. The substance of the response is that (surprise, surprise) the Supervisory Committee, too, came to the conclusion that Affinity Plus was not a spamming. They had nothing to say about the fact that HR employees were lying in the messages. They had absolutely nothing to say regarding their security vulnerabilities or improper hiring practices that the messages bring to light. My mention that their contact web form was broken only got a seemingly confused mention.
At no time did they even contact me as part of their investigation to clarify any of the issues I had raised. At this time, I see no evidence that anyone at Affinity Plus had any sincere interest in finding or fixing the unethical, potentially illegal, practices. This is not the outcome I was expecting.
It was on this day I started unwinding my 20+ year history of doing my personal banking through Affinity Plus. All their talk of community and core values appears to be nothing more than a lie these days. As soon as I can be sure that all my automated payments have been transferred to (hopefully) more respectable financial institutions, I will no longer be a member of Affinity Plus Federal Credit Union.