Cyber-security, BSA among top NCUA reg priorities for 2016

Jan. 12, 2016 -- Cyber-security assessments and protecting member data lead off the six areas of “supervisory priorities” for NCUA in 2016, according to a Letter to Credit Unions issued by the agency Monday.

Letter CU-16-01 is intended, NCUA states, to assist credit unions in preparing for their next NCUA examination. The letter notes that the top six areas of supervisory focus “are broadly applicable for credit unions in 2016.”

The six priorities outlined in the letter are:

  • Cyber-security assessments: “Cybersecurity threats continue to represent significant potential operational risks to financial institutions,” the letter states. “Throughout 2016, NCUA will continue to foster and facilitate sharing of best practices to strengthen credit unions’ existing cybersecurity programs.”
  • Response Programs for Unauthorized Access to Member Information: “Incident response procedures are a key part of a credit union’s information security program. In 2016 examinations, NCUA field staff will be reviewing credit unions’ incident response programs,” the letter states.
  • BSA compliance: “NCUA remains vigilant in ensuring the credit union system is not used to launder money or finance criminal or terrorist activity,” the letter states. “In 2016, NCUA field staff will focus on credit unions’ relationships with money services businesses, also known as MSBs
  • Interest-rate risk: “Rising rates may prove challenging for those credit unions that hold high concentrations of long-term assets funded with short-term liabilities,” the letter notes. “NCUA is in the process of updating interest rate risk management supervisory guidance, which will be published in 2016.”
  • TILA-RESPA Integrated Disclosure Rule: ”Credit unions that have accepted applications for real estate loans on or after Oct. 3, 2015 (except for home equity lines of credit, reverse mortgages, and commercial loans) are required to comply with the TILA-RESPA integrated disclosure rule, which the Consumer Financial Protection Bureau adopted to help consumers better understand mortgage transactions,” the LTCU states. “Field staff will be reviewing credit unions’ compliance with the relevant provisions.”
  • CUSO Reporting: “Regulatory requirements associated with NCUA’s CUSO rule became effective June 30, 2014. One of the primary changes to the rule requires all federally insured credit unions that invest in or lend to a CUSO to enter into a written agreement requiring the CUSO to submit annual reports directly to NCUA and the state supervisory authority, if applicable. CUSOs will start providing their annual reports through the CUSO Registry in 2016,” the letter points out.

Additionally, the letter notes that NCUA field staff will continue to use the streamlined small credit union exam program procedures for credit unions with assets up to $50 million and CAMEL ratings of 1, 2, or 3. “For all other credit unions, field staff will conduct risk-focused examinations, which concentrate on the areas of highest risk, new products and services, and compliance with federal regulations.”

NASCUS offers two in-depth programs in its 2016 educational calendar that take on two of the top three NCUA priorities: Cybersecurity and BSA compliance; see the links below for more information.

2016 Cybersecurity Symposium
2016 BSA Conference