NCU-ISAO Announces Credit Union Cyber Operations Industry Survey

Binder with Compliance label sitting on desk12/1/2020

The National Credit Union Information Sharing & Analysis Organization has announced an industry-wide Credit Union Cyber Security Operations Survey. This brief and completely anonymous survey was designed and vetted by a team of credit union professionals. Questions are aiming to collect valuable and impactful insights from industry respondents regarding cyber security structure, reporting, security awareness training, fraud and more. Credit unions that complete the survey will be emailed a copy of the complete survey insights analysis in December.

The survey takes just five minutes to complete, and NCU-ISAO membership is not required. All qualified respondents will be able to receive a copy of the final analysis report in late December*. The survey closes on Dec. 16 at 2 p.m. PST!

Click here to take the survey, and use passcode CUResilience2020.

*Because the survey collector is truly anonymous, respondents will be given instructions upon completion on how to request their copy of the final survey report.

Question of the Week

Q. What is the BSA Travel Rule?

A. The Bank Secrecy Act has a provision that requires financial institutions to include certain information on transmittal orders for funds transfer of $3,000 or more. This is commonly referred to as the “Travel Rule.”

For each payment order in the amount of $3,000 or more that a financial institution accepts as an originator’s financial institution, the institution must obtain and retain the following records:

  • Name and address of the originator
  • Amount of the payment order
  • Date of the payment order
  • Any payment instructions
  • Identity of the beneficiary’s institution.
  • As many of the following items as are received with the payment order:
    • Name and address of the beneficiary
    • Account number of the beneficiary
    • Any other specific identifier of the beneficiary

From a practical standpoint, credit unions will obtain most of this information when a funds transfer is initiated by one of its members. When the credit union accepts a funds transfer for one its members (as the beneficiary institution), it must retain a record of the payment order.

The definition of funds transfers under this rule specifically excludes electronic fund transfers under the EFTA (Reg E), as well as any other funds transfers that are made through an automated clearing house, automated teller machine, or a point-of-sale system.

Related Links

31 CFR 1010.410
31 CFR 1020.410 (a)(1)(i)

Legal Briefs

National Credit Union Administration

Register Now for Webinar on NCUA’s Response to COVID-19
On Thursday, Dec. 3, at 10 a.m. PST, the NCUA will be hosting a webinar to share more about the NCUA’s response to the COVID-19 pandemic. The NCUA staff will also discuss recently issued guidance and regulations, as well as other agency initiatives.

Proposed Rule on Capitalization of Interest
The NCUA Board approved a proposed rule that will allow credit unions to capitalize interest in connection with loan workouts and modifications. The proposed rule would establish documentation requirements to help ensure that the addition of unpaid interest to the principal balance of a mortgage loan does not hinder the borrower’s ability to become current.

Federal Credit Union Meeting Flexibility During the COVID-19 Pandemic
The NCUA has extended the relief measures for federal credit unions to adopt emergency exception to in-person quorum requirements. The federal credit union’s board may adopt the bylaw amendment by a two-thirds vote without additional approvals by the NCUA. The relief extension applies to any annual meeting held in 2021.

Joint Fact Sheet on BSA Due Diligence Requirements for Charities and Non-Profit Organizations
The NCUA, along with the other federal financial institution regulatory agencies, issued a joint fact sheet clarifying that bank and credit unions compliance efforts to meet Bank Secrecy Act due diligence requirements for customers that are charities and other nonprofit organizations should be based on the money laundering risks posed by the customer relationship. The fact sheet highlights the importance of legitimate charities and nonprofit organizations having access to financial services and being able to transmit funds through legitimate and transparent channels, especially in the context of responding to the coronavirus pandemic. It also clarifies that charities and nonprofit organizations as a whole do not present a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing, or sanctions violations, and that banks and credit unions must develop risk profiles that are appropriate for the risks presented by each customer. Additionally, it provides examples of customer information that may be useful to banks and credit unions in determining those risk profiles.

Consumer Financial Protection Bureau

Annual Adjustment to Threshold for Smaller Loans Exempt from HMPL Appraisal Requirement
The CFPB released the annual threshold adjustment for smaller loans that are exempt from the HMPL Appraisal requirement. The new threshold of $27,200 will take effect on Jan. 1, 2021.

Annual Adjustment to Dollar Thresholds in Regulation Z
The CFPB released the annual threshold adjustments for exempt consumer credit transaction in Regulation Z. The exemption threshold will remain at $58,300 for 2021.

Office of Foreign Assets Control

OFAC has updated the SDN list as of Nov. 30. The last update prior to this was Nov. 19.

Questions? Contact the Compliance Hotline: 1.800.546.4465;

Posted in Compliance News, Compliance News.