Nov. 13, 2015 NASCUS Report | NASCUS

Nov. 13, 2015

Proposed OTR for 2016 on tap for NCUA Board
The 2016 overhead transfer rate is one of the highlights on the agenda for next week’s NCUA Board meeting of the, which also includes a proposed rule on field of membership, the agency’s and corporate stabilization fund oversight budgets for the next two years, and federal credit union operating fees. The OTR, of course, will be watched very carefully by NASCUS, which has consistently questioned the agency’s calculation of the rate. Since 1986, the OTR has mostly fluctuated around 50% to 60% of NCUA's annual budget. But, in recent years, it has grown dramatically, accounting in 2015 for 71.8% of the agency's total budget. A legal analysis commissioned by NASCUS and released in June concluded the OTR is subject to public notice and comment requirements under the Administrative Procedure Act (APA). The 29-page analysis was the first to link the OTR to the notice and comment requirements, and that an APA-compliant notice and comment process would require the NCUA Board to explain and demonstrate the methodology the board uses to calculate the OTR and its reasonableness. In late August, Chairman Debbie Matz announced that the NCUA Board would vote in January on publishing the OTR in the Federal Register and ask for public comment. That action would affect the 2017 OTR. NASCUS appreciates Chairman Matz bringing the public notice for the 2017 rate to a vote by the full Board – but we will also be looking next week for consideration of a lower OTR for 2016. The Nov. 19 open meeting will be streamed live; a video of the Oct. 15 open meeting is available online.

Brief video explaining OTR
NASCUS OTR resources
Video of Oct. 15 NCUA Board meeting

FOM modernization proposal on agenda, too
Also in next week’s meeting, the NCUA Board will consider a proposed rule to modernize its field of membership regulations. Speaking last month at the NASCUS 2015 State System Summit in New Orleans, NCUA Board Vice Chairman Rick Metsger said the proposed modernizing rule (which has been in the works since early this year) is designed to place more control of a credit union’s FOM with its board of directors to deal with local marketplace challenges. He noted that the focus of the proposal will be to give credit unions a menu of options for determining their FOMs. The menu approach, he said at the Summit, is intended to give credit unions choices that best fit their own needs. In a follow-up panel discussion at the Summit (featuring state and federal regulators, a legal expert and Metsger himself), the NCUA Board vice chairman explained that the choices would entail “a lot of different things to look at which would fit credit unions and their strategic needs.” For example, one approach would be to grant credit unions an FOM that is based on their congressional district – which, in a limited number of states, covers the entire state, Metsger said at the Summit meeting.

New York opens dialogue on coordinated cyber security rules
Potential new regulations aimed at increasing cyber security defenses within the financial sector –developed in coordination with other state and federal regulatory agencies -- are under consideration by the New York State Department of Financial Services (NYDFS), the department announced Monday in a letter to federal financial regulators and state regulatory agencies. In the letter to members of the federal Financial and Banking Information Infrastructure Committee (FBIIC, which includes NASCUS as well as NCUA, the Federal Reserve, FDIC, OCC, CSBS and others), the NYDFS wrote that it considers cyber security to be among the “most critical issues facing the financial world today—and one that poses a particular challenge to regulatory agencies.” The agency wrote that “there is a demonstrated need for robust regulatory action in the cyber security space, and the Department is now considering a new cyber security regulation for financial institutions.” In that context, the NYDFS noted that it would be “beneficial to coordinate its efforts with relevant state and federal agencies to develop a comprehensive cyber security framework that addresses the most critical issues, while still preserving the flexibility to address New York-specific concerns.” Regulation under consideration would address (among other things) cyber security policies and procedures, third-party service provider management, multi-factor authentication, application security, cyber security personnel and intelligence, audits and more. In the letter, the New York regulator invited feedback from other regulators to “develop a comprehensive approach to cyber security regulation in the weeks and months ahead.” NASCUS will be working with NYDFS on its initiative.

Letter to FBIIC members from NYDFS on proposed cybersecurity regulation

FFIEC revises, updates IT management booklet
Principles of sound information technology governance are outlined in a substantially revised Management booklet released this week by the Federal Financial Institutions Examination Council (FFIEC). The booklet, which covers sound governance and includes exam procedures, explains how IT risk management relates to enterprise-wide risk management and governance. The updated exam procedures assist examiners, FFIEC stated, in evaluating IT governance as part of overall governance in financial institutions, and IT risk management as part of enterprise-wide risk management in financial institutions. Further, it incorporates cybersecurity concepts as part of information security.

Updated/revised FFIEC IT management booklet

300 to take deep dive into BSA
About 300 participants will dig into the details of Bank Secrecy Act requirements when they meet in Fort Lauderdale beginning Monday at the NASCUS/CUNA BSA Conference, which runs through Wednesday. The three-day conference features more than 20 hours of educational sessions. Among the top general session segments: “Memoirs of A Sex Slave Survivor,” featuring Timea Nagy, a survivor of human trafficking. In her session, Nagy will provide a new perspective about how BSA detection efforts can play a key role in curbing and preventing terrorist financing and human trafficking – and inspire rank and file credit union and other financial institution staff members to greater diligence in their detection efforts. Other key general session segments include: Warning signs of human trafficking; Bitcoin and its implications; risks inherent in growing use by millennials and others of alternate payment methods (including mobile devices and prepaid cards), and; issues in serving “money service businesses;” legal obstacles in providing financial services.

BRIEFLY: Committee opportunities; Save the dates
If you’ve long had a hankering to become more involved in the setting of NASCUS issues policy and the association’s education agenda – or want to continue doing so -- now is the opportunity to satisfy that need. NASCUS committees are being formed, and positions on Education and Legislation and Regulation panels are opening up. To be considered for an appointment, or to continue serving on one of the committees, NASCUS members need to request a committee assignment for the coming year. Contact Executive Vice President and General Counsel Brian Knight ( for more information … Buying a 2016 calendar? When you do, get your Sharpie out and circle Aug. 1-2 (for the 2016 NASCUS/CUNA Cybersecurity Symposium in Chicago) and Oct. 5-7 (for the 2016 NASCUS State System Summit, also in Chicago).  And keep that Sharpie handy, as NASCUS announces more dates in the association calendar for the 2016!

NASCUS 2015-16 Education calendar

Information Contact:
Patrick Keefe, NASCUS Communications, or (703) 528-5974