One Hour Could Help Mitigate Your CU’s Exposure to Cybersecurity Risk

An upcoming webinar and Your Association’s Cybersecurity Resource Center convene guidance, resources, and best practices all in one spot.

One hour could help mitigate your credit union’s exposure to cybersecurity risk.

Northwest credit unions lead the way in connecting with each other, sharing best practices, and utilizing information to safeguard their members. And you also know that threat is constant.

Does your credit union use a computer to access and store member data? Is that computer connected to the internet? If your answer is yes, your credit union is exposed to cybersecurity risk.

Cybersecurity threats and events do not discriminate. All financial institutions are at risk for a potential cybersecurity threat or risk, regardless of their asset size, charter, membership base, or location. Because of this inherent risk, the financial industry (including the appropriate regulators) continues to produce resources, best practices, risk assessments, response programs, and new ways to test the effectiveness of controls deployed to prevent an attack from occurring.

Your Association launched a Cybersecurity Resource Center earlier this year to connect credit unions with available guidance, resources, and best practices all in one spot.

One of the resources that we recommend is the Financial Services Information Sharing and Analysis Center (FS-ISAC). In fact, the Federal Financial Institution Examination Council (FFIEC) issued guidance in 2014 that strongly encouraged financial institutions to join FS-ISAC.

FS-ISAC is a nonprofit organization that focuses on sharing cyber and physical threat intelligence analysis, as well as providing a way for institutions of all sizes to share information in real time regarding these threats. Within FS-ISAC there are Councils aimed at helping like-kind institutions share information that is pertinent to their sector.

With this in mind, FS-ISAC recently announced the launch of a new council that is specific to credit unions.  While members of the Council will still have access to the FS-ISAC information that all members receive, the Credit Union Council will be a place for credit unions of all sizes to share best practices and various experiences.

To help shape the Council into something that all credit unions can benefit from, FS-ISAC is hosting an upcoming webinar that will focus on that various information sharing and resources that are available for credit unions. Credit unions that wish to participate in the webinar are encouraged to register:

January 12, 1:00 p.m. EST

At this time, membership with FS-ISAC is strongly encouraged by regulators but is not yet a regulatory requirement. However, as the cybersecurity threats continue to evolve, sharing real time information with your and receiving timely updates from law enforcement becomes more critical in the prevention, detection, and response to cybersecurity event. Your Association recommends that your credit union consider these tools and help Northwest credit unions remain leaders in the cybersecurity space.

Compliance Question of the Week

If a law enforcement agency requests supporting documentation related to a Suspicious Activity Report (SAR) filing, what  documents do we have to give them?

Supporting documentation includes all documents or records that assisted your credit union in making the determination that the activity required a SAR filing.  This could include transaction records, account information, any correspondence, etc.  Your SAR narrative should identify the supporting documentation used for the SAR, but documentation not listed in the narrative can also be provided to law enforcement if it supports the SAR filing.

It is important to note that only information pertaining to the SAR should be provided to law enforcement without a formal request (such as a subpoena). Any requests outside of the scope of the SAR should be handled as the credit union would any other request from law enforcement.

Related Links:

FinCEN Guidance

Legal Briefs

National Credit Union Administration (NCUA)   

The NCUA released the Board Action Bulletin for its December 2016 meeting. The actions taken during the meeting include approving a final rule to eliminate the full occupancy requirements for federal credit unions, an interim final rule amending the NCUA’s Freedom of Information Act, and a request from the Texas Credit Union Department to revised its MBL rule to provide parity with the NCUA’s rule.

The November 2016 NCUA Board Meeting video is now available.

The NCUA announced that it will host a webinar, “Growing Loans and by Partnering with the USDA” on Wednesday, January 11, 2017. Credit unions interested in attending the webinar can register here.

The NCUA announced that the Board recommended a share insurance premium of between 3 to 6 basis points. The recommendation is based on the NCUSIF’s declining equity ratio due to insured share growth in credit unions and the continuing low interest-rate environment. 

Consumer Financial Protection Bureau (CFPB)

The CFPB posted an article detailing its focus on fair lending risks in 2017.

The CFPB announced its new web-based tool, Consumer Credit Trends, aimed at helping the public monitor developments in consumer lending and forecast potential future risks.

CFPB Director Cordray delivered prepared remarks at the CFPB’s Research Conference. Cordray’s remarks focus on the various financial risks posed to consumers and how the CFPB’s research helps form their rule making process.

The CFPB announced the release of a new report that discussed the costly fees and risky features associated with certain college-sponsored accounts. In addition to its findings, the CFPB reminded colleges that most are required to publicly disclose marketing contracts.

Federal Reserve Board (FRB)

The FRB released a statement from the Federal Open Market Committee that announces the committee’s decision to raise the target range for the federal funds rate.

The December issue of FedFlash is now available.  

The FRB announced changes to its check adjustment case requirements and edits. The changes, planned for the second quarter of 2017, will eliminate several investigation types that are outdates as well as implement a new deadline for receiving same day entry or acknowledgement for electronic adjustments.

The FRB announced that banking entities may seek an extension to conform their investments in a narrow class of funds that qualify as “illiquid funds” to the requirements of the Volcker Rule.

The FRB, along with the FDIC and OCC, announced the finalization of a rule that expands the number of institutions eligible for an 18-month examination cycle. Under the rule, well-capitalized and well-managed banks and savings associations with less than $1 billion in assets are eligible for the expanded examination cycle.

The FRB announced that it increased the discount rate from 1 percent to 1 ¼ percent on December 15, 2016.

The FRB announced the adoption of a final rule aimed at strengthening the ability of government authorities to resolve the largest domestic and foreign banks operating in the U.S. without any support from taxpayer-provided capital.

Federal Deposit Insurance Corporation (FDIC)

The FDIC announced that it has approved its 2017 operating budget, which will see a 2.4% decrease from 2016.

Office of the Comptroller of the Currency

The OCC announced the release of a third-party review of its enhancements of its supervision of OCC regulated institutions. While the review did indicate the agencies key improvements, it also noted that the agency has some work to continue in terms of finishing partially completed recommendations.

The OCC announced that it updated the “Consigned Items and Other Customer Services” booklet of the Comptroller’s Handbook.

Federal Housing Finance Agency (FHFA)

The FHFA issued a final rule to help the government sponsored entities meet their requirements under the Duty to Serve provisions, which require Fannie Mae and Freddie Mac to serve the specified underserved markets—manufactured housing, affordable housing preservation, and rural housing.

Fannie Mae and Freddie Mac announced their Flex Modification foreclosure prevention program. The new modification will replace current Fannie and Freddie Standard and Streamlined Modification offerings on and after October 1, 2017.

The FHFA released the 2017 scorecard for Fannie Mae and Freddie Mac which outlines specific conservatorship priorities.

The Department of Housing and Urban Development (HUD)

HUD announced that it is shifting the timeframe for FHA’s review of loans prior to endorsement from pre-closing to post-closing. Effective January 13, 2017, a lender applying for unconditional Direct Endorsement authority will submit required loan files after closing.

HUD announced that it will require housing counselors participating in HUD programs to be certified to offer counseling services to consumers. The certification requirements will include a standardized written examination and employment by a HUD-approved housing counseling agency.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of December 13, 2016. The last update prior to this was December 12, 2016.

Questions? Contact the Compliance Hotline: 1.800.546.4465, [email protected].