National Credit Union Information Sharing & Analysis Organization Launches Industry-Wide Cyber Security Survey


The National Credit Union Information Sharing & Analysis Organization has announced an industry-wide Credit Union Cyber Security Operations Survey. The survey takes 5 minutes to complete, and NCU-ISAO membership is not required. The survey is open until Nov. 29. All qualified respondents will be emailed a copy of the complete survey insights analysis in December and will be entered into a drawing for a chance to win a $100 Visa or MasterCard gift card.

 Eligibility, restrictions, and registration information:

  • Survey registration is limited to U.S. credit union personnel with leadership responsibilities in Information Security.
  • Respondents will need to have knowledge about organizational structure and security policies and programs to answer survey questions accurately.
  • Registration is required to ensure respondent eligibility, to receive your instructions on how to access the survey, and to receive the analyzed insights report.
  • Survey answers will be collected anonymously; respondent answers are not correlated to their registration information.
  • The survey may be completed only one time per respondent.
  • The gift card drawing will take place next month, and three winners will be randomly selected from the pool of qualified, registered respondents.

Question of the Week

Q. For BSA/AML Risk Assessment purposes, would a business account for a vehicle dealership be classified as a Money Service Business or another type of special classification?

A. FinCEN defines Money Service Businesses as a distinct category of financial service providers to include currency dealers, check cashers, issuers of traveler’s checks or money orders, seller or redeemer of traveler’s checks, money transmitters, and the U.S. Postal Service. Vehicle dealerships are not on this list.

BSA/AML requires credit unions to develop a compliance program. Credit unions are urged to use a risk-based approach with this program. In other words, they should develop procedures that take into consideration the risks associated with the membership, the service/products offered, and geographic location. In terms of membership, BSA/AML is particularly interested in cash-intensive businesses such as convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately-owned ATMs, vending machine operators, and parking garages.

Whether you classify vehicle dealerships as high risk or low risk depends on your own BSA/AML policy tolerances. Credit unions should consider collecting the following information when opening higher risk accounts:

  • Account’s purpose
  • Member’s occupation or type of business
  • Banking references
  • Financial statements
  • Source of funds/wealth
  • Beneficial owners of the account (if applicable)

Credit unions are expected to apply enhanced customer due diligence procedures when opening accounts that fall into higher-risk categories.

Related links

BSA/AML Risk Assessment – Overview
Customer Due Diligence – Overview

Legal Briefs

National Credit Union Administration

NCUA Board Member Calls for Dedicated Consumer Compliance Exam Program

NCUA Board Member, Todd Harper, is requesting comment on a proposal to create a dedicated consumer compliance exam program for large, complex credit unions.

Consumer Financial Protection Bureau

CFPB Announced Threshold Adjustment for Smaller Loan HPML Appraisal Exemption

The CFPB announced that the threshold for exempting loans from the special appraisal requirements for higher-priced mortgage loans during 2020 will increase from $26,700 to $27,000.

CFPB Announced the Annual Threshold Adjustments for Regulation Z

The CFPB announced the dollar thresholds in Regulation Z and Regulation M that will apply for determining exempt consumer credit and lease transactions in 2020. The protections of Regulation Z and Regulation M will generally apply to consumer credit transactions and consumer lease of $58,300 or less in 2020. However, private education loans and loans secured by real property are subject to Regulation Z regardless of the amount of the loan.

Office of Foreign Assets Control

OFAC has updated the SDN list as of Oct. 23. The last update prior to this was Oct. 14.

Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News, Compliance News.