Written by Bernadette Clair, Senior Regulatory Compliance Counsel
NCUA Supervisory Focus for 2015. NCUA recently released Letter to Credit Unions 15-CU-01, detailing the agency’s supervisory priorities for 2015. Areas of focus include cybersecurity, interest rate risk, Bank Secrecy Act compliance, and compliance with new regulations – NCUA’s liquidity rule, the CFPB’s Ability-to-Repay and Qualified Mortgage rule, and the CFPB’s TILA/RESPA Integrated Disclosure rule (after the rule goes into effect on August 1, 2015), are specifically mentioned.
In the area of cybersecurity, the focus is on proactive measures to protect data and members, as well as the ability to respond in the event of a breach. From the letter:
“NCUA field staff will focus on proactive measures credit unions can take to protect their data and their members, including:
- encrypting sensitive data;
- developing a comprehensive information security policy;
- performing due diligence over third parties that handle credit union data;
- monitoring cybersecurity risk exposure;
- monitoring transactions, and
- testing security measures.
Field staff will also be evaluating credit unions’ capacity to recover and resume operations in the event a security breach does occur. Appendix B to NCUA Rules and Regulations Part 748 provides guidance on developing an incident response program that can help a credit union react to a breach. These programs can help the credit union assess the nature and scope of an incident, determine when to contact law enforcement and notify members, and take steps to safely resume operations.
Credit union officials are also encouraged to review the online cybersecurity resources posted by NCUA and the FFIEC’s Cybersecurity and Critical Infrastructure Working Group to promote cybersecurity throughout the financial services industry.”
In the letter, NCUA also indicates that it is continuing to monitor trends in credit unions’ loan portfolios, and that it is streamlining exams for credit unions with assets up to $50 million and CAMEL ratings of 1, 2, or 3. For complete details, the letter is available in its entirety here.
Consumer Compliance Outlook. The Fourth Quarter 2014 issue of the Federal Reserve’s Consumer Compliance Outlook is now available. One of the articles, entitled “Managing Compliance Risk Through Consumer Compliance Risk Assessments,” discusses the use of consumer compliance risk assessments in identifying, measuring, monitoring, and managing consumer compliance risks associated with products and services. Although geared towards institutions subject to the Federal Reserve Board’s Community Bank Risk-Focused Consumer Compliance Supervision Program, the article is a good read.
Final day: Save $200 on any NAFCU Conference! Save $200 when you use code HOLIDAY on any of NAFCU’s 2015 conferences. It’s a great way to save big on NAFCU training; you can use code HOLIDAY as many times, and with as many employees, as you like! Our conferences are jam-packed with ideas designed to help you eliminate compliance headaches. View our conferences now and register using code HOLIDAY today; it’s your last day to save $200!