Board Action Bulletin
ALEXANDRIA, VA (October 19, 2023) – The National Credit Union Governing Board held its ninth open meeting for 2023, unanimously approving a proposed rule incorporating its Second Chance Interpretation Decision and Policy Statement and the Banking Fair Employment Act into its regulations. The NCUA board also approved a proposed rule that would simplify stock insurance regulations by creating a “trust account” category.
In addition, the Board received a briefing on the cybersecurity issues facing credit unions, their providers and the broader financial services sector.
The proposed rule opens up more job opportunities at credit unions
The NCUA board unanimously approved the proposed rule (opens new window) which would incorporate NCUA’s Interpretive Decision and Second Chance Policy Statement (IRPS 19-1) and the statutory prohibitions imposed by section 205(d) of the Federal Credit Union Act into agency regulations. This proposed rule would allow people convicted of certain minor crimes to work in the credit union industry without applying for Board approval.
“Many of these people are not aggressive or career criminals. They are people who made a bad choice at some point and who have since paid their debts to society,” said NCUA President Todd M. Harper. “Furthermore, a disproportionate number of these people come from communities of color. If we want to improve financial inclusion and equity in the credit union system, we need to make it easier for all demographics to access credit union employment opportunities.”
Section 205(d) prohibits, except with the prior written consent of the NCUA board, a person who has been convicted of certain crimes involving dishonesty or breach of trust or who has entered a pretrial diversion program or similar program from participating in the affairs of credit union.
The proposed rule would address, among other topics, the persons and types of crimes covered by section 205(d) and NCUA’s procedures for reviewing a consent application. In addition, the proposed rule would change the following:
- NCUA’s policies and procedures governing a Section 205(d) waiver application, as currently reflected in the Second Chance Policy Statement and pursuant to the two amendments made by the recent Fair Employment Banking Act, and with comparable provisions of the Federal Deposit Insurance Corporation.
- A regulation governing the conditions under which newly incorporated or distressed federally insured credit unions must notify the NCUA of any proposed changes to the credit union’s board of directors, committee members, or senior executive personnel and make other appropriate changes.
If a final rule is approved by the NCUA Board, the Second Chance Interpretation Rule and Policy Statement will be rescinded.
Comments on the proposed rule must be received no later than 60 days after its publication in the Federal Register.
The proposed rule to simplify stock insurance provides parity with the FDIC
Proposed rule (opens new window) which would simplify NCUA’s unit insurance regulations by creating a category of “trust accounts” was unanimously approved by the NCUA Board. The trust account category would provide coverage to the Stock Insurance Fund of funds in both revocable and irrevocable trusts deposited with federally insured credit unions in the accounts of members or those otherwise entitled to maintain insured accounts.
Chairman Harper said, “Deposit insurance at federally insured credit unions and banks is the cornerstone that provides the foundation for our nation’s viable credit unions and banking systems. The confidence created by knowing that savings are protected by the full faith and credit of the United States allows consumers to rest easy knowing that their hard-earned nest eggs up to the current limit of $250,000 will be safe even during periods of financial and economic stress. “
In addition, the proposed rule provides:
- Consistent unit insurance treatment for all mortgage service account balances held to cover principal and interest obligations to a lender.
- More flexible recordkeeping requirements that expressly allow NCUA to review records maintained in the normal course of business that are maintained by parties other than federally insured credit unions and their members.
The proposed changes to the trust account and mortgage service account provisions in NCUA’s Unit Insurance Fund regulations will align with changes previously adopted by the FDIC, effective April 1, 2024.
Comments on the proposed rule must be received no later than 60 days after publication in the Federal Register.
The board is informed about cyber security trends, vulnerabilities of third party vendors
Officials from NCUA’s Office of Reviews and Insurance and the Office of the Executive Director were notified (opens new window) The Council on Advanced Tactics for Cyber Security Attacks and Ongoing Incidents with Third-Party Vendors. Staff also briefed the board on the implementation of NCUA’s information security audit program and cyber incident reporting rule.
“For many credit unions, especially small, low-income and MDI credit unions, investing in cybersecurity can be difficult,” said Chairman Harper. “Fortunately, there are free resources available to help. I encourage all credit unions to download and use NCUA’s Automated Cybersecurity Assessment Toolbox. The ACET is offered free of charge and can be found online at the NCUA website.”
The briefing noted that MOVEit vulnerabilities led to the theft of personal data from more than 2,000 organizations and 60 million individuals. The briefing included suggestions for credit unions from the 2023 information security exams and an update on the implementation of the recently approved NCUA cyber incident reporting rule (opens new window). The staff noted that there were 146 incidents reported by credit unions in the first 30 days of the rule’s implementation, and more than 60 percent of the reported incidents were due to compromises to third-party service providers.
Chairman Harper said, “Stakeholders need to understand that the risks posed by NCUA’s lack of provider authority are real, widening, and affect us all. Until this growing regulatory blind spot is closed, thousands of federally insured credit unions, tens of millions of consumers who use credit unions, and trillions in assets are exposed to high levels of risk. During my travels and meetings with leagues and credit union officials, more CEOs and leaders have told me that they see the value and benefits of reinstating NCUA providers because they cannot manage all of the potential risks and liabilities associated with their suppliers.
NCUA continues to encourage credit union employees and boards of directors to review their relationships with third parties and vendors, assess and mitigate any potential product and service risk, and strengthen their institution’s cyber vigilance and preparedness efforts.
Information related to cybersecurity, including regulations, guidelines, and resources to help protect credit unions and their members from cyber threats, is available on NCUA’s Cybersecurity Resources webpage.
I follow @TheNCUA (opens new window)
(You will leave NCUA.gov and access a non-NCUA website. We encourage you to read NCUA’s outbound link policy. (opens new page).)
of X and access NCUA Board Action Memoranda and Policy Changes at www.ncua.gov. NCUA also live streams, archives and posts videos of open board meetings online.