NCUA Proposes MBL Changes After Review; Reacts to Security Breaches

ALEXANDRIA, Va.-NCUA issued a proposed rulemaking updating its member business lending rule following its regular review of regulations at last week’s board meeting, as well as issuing guidance in response to recent data security breaches. To further ease credit unions into business lending, the NCUA Board approved the release of a proposed rule with clarifications and definition changes to Part 723 of NCUA’s rules and regulations for a 60-day comment period. The agency is also seeking public comment on expanding the rule covering government-backed loan programs. “I think these are good changes,” NCUA Chairman JoAnn Johnson stated. “I do look forward to the comments that come back in.” The proposal clarifies that business loans made by corporate credit unions to nonmember credit union or non-corporate credit union service organizations must typically maintain-with certain exceptions-the 4% capital minimum for corporates. The current regulation states that the capital must be sufficient for Prompt Corrective Action purposes, but PCA does not apply to corporates. The current definition of “construction or development loan” is limited to arrangements for acquiring property for an income producing purpose. The proposal, however, would also account for renovating or developing property already owned by a borrower for income producing purposes. “In fact these loans in some cases may be less risky than C&D loans where borrowers are buying the property at the same time they’re financing the development,” NCUA Board Member Debbie Matz commented. It would also revise the definition of net worth in the business lending reg to be more consistent with the definition in the Federal Credit Union Act and the Prompt Corrective Action regulation. Finally, NCUA is seeking public comment on whether and how to expand the scope of the rule change from last October permitting credit unions to make Small Business Administration-backed loans under SBA’s less restrictive lending requirements. When NCUA initially amended that portion of the rule, commenters suggested that the same be done for the Farm Service Agency, the U.S. Department of Agriculture, and other government-guaranteed loan programs. NCUA asked in the proposal whether the scope should be opened up to include all such programs or a prescribed list. “Personally,” Matz stated referring to the government guarantee portion, “I don’t see the distinction between one government agency and another.” Following in step with the other Federal Financial Institutions Examination Council regulators, the NCUA Board approved a final rule and guidance on data security response programs. In 2001, NCUA updated Part 748 to include data security safeguards and provided guidelines for safeguarding member information. Last week, NCUA took it a step further to require credit unions to include in these programs a response to help mitigate risk to members due to loss or inconvenience stemming from unauthorized access to account information. The new guidance is included as Appendix B to Part 748. NCUA issued a separate but substantially similar guidance to the other FFIEC regulators to account for credit union differences. The guidance advises credit unions to identify reasonably foreseeable internal and external threats, assess the likelihood and potential damage of such threats, and assess the sufficiency of policies, procedures, and systems. NCUA also considered the quarterly insurance fund report (see charts below), which found the agency’s net income nearly $1 million above the budgeted amount, but insurance losses at $7.5 million after three months without a loss. While the number of problem credit unions was up to 267 at the end of March from 255 at year-end, only four credit unions have failed so far this year, as opposed to 21 in all of 2004. -