ALEXANDRIA, Va.-Clarification, education, and consolidation are what CUNA and NASCUS are looking to come out of NCUA's 2005 review of one-third of its regulations. In CUNA's official comment letter, Senior Regulatory Counsel Catherine Orr asked that NCUA explain its guidance on "Response Programs for Unauthorized Access to Member Information and Member Notice." She asked the agency to state, in no uncertain terms, that the guidance only pertains to credit unions and the service providers with which they have contracts. "We feel that in the event of a breach at a card processor with no link to the credit union, it should be the credit union's call (business judgment) as to whether the situation warrants notifying the membership and/or NCUA," Orr wrote. CUNA also suggested that the agency expand its records preservation regulation to provide guidance regarding which records should be retained from the "non-surviving" credit union following a merger. Orr also said it would be helpful to credit unions if NCUA's Bank Secrecy Act regulation contained a reference to the Federal Financial Institutions Examination Council's Bank Secrecy Act/Anti-Money Laundering Examination Manual. "We think including a reference to this comprehensive resource and where it can be found will help to ensure that credit unions seeking additional guidance are aware of the existence of the Manual," Orr said. "The FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual InfoBase Web site, which has the Manual as well as other resources such as forms, red flags, and frequently asked questions (FAQs), is an extremely valuable resource." Additionally, she recommended that the agency conduct BSA/AML outreach similar to that being done by the other FFIEC agencies. "Credit unions have some of the same issues and concerns with BSA/anti-money laundering compliance as well as unique ones involving, for example, CUSOs and service centers," Orr wrote. "We encourage NCUA to consider similar outreach activities for credit unions." Finally, CUNA asked that NCUA more conspicuously post its regulatory review notice on its Web site. In NAFCU's response to a request for comment on NCUA's annual review of one-third of its regulations, the group applauded the agency for informing credit unions in advance of which regs will be reviewed each year. NAFCU President and CEO Fred Becker stated that the trade association supports NCUA's security program and record retention rules, but requested some changes, in an official comment letter to the agency. Every year, NCUA reviews one-third of its regulations to keep them up-to-date and eliminate unnecessary burdens. Becker wrote that NCUA's rules on security of member data (Part 748) lists the member's name, address, or telephone number, in conjunction with the member's social security number, driver's license number, account number, credit or debit card number, or a personal identification number or password that would permit access to a member's account as "sensitive member information." NAFCU asked that a member's birthday also be included in this list as it "could be just as harmful as a security breach involving social security numbers." NAFCU also pointed out that NCUA's appendix to the records preservation program and record retention rule (Part 749) includes a list of vital records to be stored, but does not define "vital record." Becker suggested, "NCUA may wish to consider the following example as a definition: "A record essential to (1) the resumption and/or continuation of operations, (2) the recreation of the legal and financial status of the credit union, and (3) the fulfillment of obligations."" NASCUS, representing state chartered credit unions and their regulators, was keenly interested in Part 741 of NCUA's rule regarding insurance. Though NCUA's reg review did not specifically site 741, each of the rules the agency asked for comment on referenced this regulation. "NCUA should incorporate within Part 741 all rules applying to federally-insured credit unions rather then incorporate rules by reference," NASCUS Vice President of Regulatory Affairs Brian Knight wrote. "In order to understand insurance rules, credit unions should be required to review Part 741 only and not be forced to search throughout NCUA's rules for referenced provisions. Such a consolidation of rules would ease compliance burdens on smaller credit unions and clarify misunderstandings concerning which rules and which parts of rules apply." -
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.