NCUA: Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice

Samantha: Hello, this is Samantha Shares.

This episode covers Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice.

The following is an audio version of that document.

This podcast is educational and is not legal advice.

We are sponsored by Credit Union Exam Solutions Incorporated, whose team has over two hundred and forty years of National Credit Union Administration experience.

We assist our clients with N C U A so they save time and money.

If you are worried about a recent, upcoming, or in process N C U A examination, reach out to learn how they can assist at Mark Treichel dot com.

Also check out our other podcast called With Flying Colors where we provide tips on how to achieve success with N C U A.

And now the document.

The N C U A Board is proposing to remove Appendix B to part seven forty eight.

Appendix B provides guidance on response programs for unauthorized access to member information and guidance on member notice.

It was issued in two thousand five to help federally insured credit unions create programs to address and respond to instances of unauthorized access to member information.

The Board now believes that placing Appendix B inside the Code of Federal Regulations may be confusing, because Appendix B is guidance rather than a binding rule.

The Board proposes instead to publish the content of Appendix B as separate guidance, which will make it easier to update and will help streamline N C U A’s regulations.

Comments on this proposal must be received within sixty days of publication.

Written comments may be submitted through Regulations dot gov under Docket Number N C U A dash two thousand twenty five dash one three zero five, or by mail or hand delivery to the Secretary of the Board at N C U A headquarters in Alexandria, Virginia.

Supplementary information.

Introduction and background.

On May second, two thousand five, the Board issued a final rule revising part seven forty eight to require federally insured credit unions to respond to incidents of unauthorized access to member information.

Appendix B was included to help credit unions develop and maintain these response programs.

It was intended as an interpretation of the Gramm Leach Bliley Act requirement that federal regulators adopt standards for safeguarding customer information.

Appendix B explains that millions of Americans fall victim to identity theft each year, including through misuse of personal information obtained from credit unions.

Credit unions should take preventative measures to safeguard member information in a way that reflects the size and complexity of the credit union and the nature and scope of its activities.

The guidance is risk based and intended to provide flexibility so that credit unions can address incidents of unauthorized access or use of member information that could cause substantial harm or inconvenience to a member.

Legal authority.

The Gramm Leach Bliley Act requires federal regulators to establish standards for safeguarding customer information.

Under the Federal Credit Union Act, the N C U A examines all federally insured credit unions and must ensure safe and sound operations.

The Act requires the agency to correct unsafe or unsound practices.

It provides broad authority to require information and reports, to examine credit unions, and to take corrective action when necessary.

These authorities give the N C U A Board the ability to issue regulations to protect credit unions, their member owners, and the National Credit Union Share Insurance Fund.

Proposed rule.

The Board proposes to remove Appendix B from the Code of Federal Regulations.

The Board believes the same information can be issued through a Letter to Credit Unions, which would make its nonbinding nature clearer.

Publishing the guidance separately would prevent confusion about whether Appendix B is a regulation or guidance and would streamline the regulatory text.

The Board considered retaining Appendix B in its current form.

The current placement ensures review every three years under the agency’s regulatory review process and ensures any changes would be published in the Federal Register.

It also maintains comparability with similar guidance issued by the federal banking agencies, which is also located in the Code of Federal Regulations.

However, the Board now believes that separating the guidance from the regulation will create clearer distinctions between binding rules and nonbinding guidance.

The Board seeks comment on whether Appendix B should be removed, retained, or modified, and whether any cross-references in other regulations would need to be revised.

Regulatory procedures.

Under the Providing Accountability Through Transparency Act, this proposed rule includes a link to a plain-language summary of no more than one hundred words on Regulations dot gov.

The summary explains that the Board proposes to remove Appendix B and instead issue its content as guidance, simplifying the regulatory text without altering any substantive compliance obligations.

Executive Orders.

The Office of Management and Budget has determined that this proposed rule is not a significant regulatory action under Executive Order twelve eight six six, as amended.

Executive Order thirteen five six three directs agencies to streamline and modernize regulations, and this proposal is consistent with that direction.

Under Executive Order fourteen one nine two, agencies must offset new regulatory costs by eliminating costs elsewhere.

This proposal is expected to be deregulatory.

Regulatory Flexibility Act.

The N C U A certifies that the proposed rule would not have a significant economic impact on a substantial number of small credit unions.

Removing Appendix B from regulation and issuing it instead as guidance does not impose new requirements or change substantive expectations.

Small credit unions, defined as those with under one hundred million dollars in assets, should not experience material economic effects.

Paperwork Reduction Act.

The proposed rule does not create or revise information-collection requirements.

Therefore, no Paperwork Reduction Act changes are required.

Executive Order thirteen one three two on federalism.

The proposal removes nonbinding guidance from the regulation and does not substantively change requirements applicable to federally insured state-chartered credit unions.

It is not intended to affect the division of responsibility between federal and state regulators.

Assessment of effects on families.

The N C U A has determined that this proposed rule would not affect family well-being.

Removing nonbinding guidance from the regulation would have only indirect effects, if any.

Regulation text.

For the reasons stated in the preamble, the N C U A Board proposes to amend title twelve of the Code of Federal Regulations, part seven forty eight, as follows.

Part seven forty eight, Security Program, Suspicious Transactions, Catastrophic Acts, Cyber Incidents, and Bank Secrecy Act Compliance.

The authority citation for part seven forty eight continues unchanged.

The table of contents is amended to include sections seven forty eight point zero Security Program, seven forty eight point one Filing of Reports, and seven forty eight point two Procedures for Monitoring Bank Secrecy Act Compliance.

Appendix B to part seven forty eight is removed.

This concludes the document.

If your credit union could use assistance with your exam, reach out to Mark Treichel on LinkedIn or at Mark Treichel dot com.

This is Samantha Shares, and we thank you for listening.
