NCUA Guidelines for Safeguarding Member Information.
Samantha: Hello, this is Samantha Shares.
This episode covers Guidelines for
Safeguarding Member Information.
The following is an audio
version of that document.
This podcast is educational
and is not legal advice.
We are sponsored by Credit Union
Exam Solutions Incorporated, whose
team has over two hundred and
forty years of National Credit
Union Administration experience.
We assist our clients with N C
U A so they save time and money.
If you are worried about a recent,
upcoming, or in process N C U A
examination, reach out to learn how they
can assist at Mark Treichel dot com.
Also check out our other podcast called
With Flying Colors where we provide tips
on how to achieve success with N C U A.
And now the document.
The N C U A Board is proposing to remove
Appendix A to part seven forty eight
from the Code of Federal Regulations.
Appendix A contains guidelines for
safeguarding member information.
These guidelines were originally
issued to meet the N C U A's statutory
obligation to establish standards for
federally insured credit unions to
protect the security and confidentiality
of customer records and information,
and to protect against unauthorized
access to or use of such records.
The Board now believes that placing
Appendix A inside the regulations may
be confusing because Appendix A is not
a regulation but a set of guidelines.
The Board proposes to remove Appendix
A from the Code of Federal Regulations
and instead publish its contents
as a Letter to Credit Unions, which
would streamline the regulations
and allow more efficient revisions.
Comments may be submitted within
sixty days of publication.
They may be filed through Regulations
dot gov under the docket number
associated with this rulemaking
or by mail or hand delivery to the
Secretary of the Board at N C U A
headquarters in Alexandria, Virginia.
Supplementary information.
Introduction and background.
In nineteen ninety nine, Congress
passed the Gramm Leach Bliley Act.
Section five hundred one of that
Act required the N C U A, the
federal banking agencies, and other
regulators to establish appropriate
standards relating to administrative,
technical, and physical safeguards
for customer records and information.
These safeguards must ensure the
security and confidentiality of
customer records, protect against
anticipated threats or hazards, and
protect against unauthorized access or
use that would result in substantial
harm or inconvenience to any customer.
After passage of the Gramm Leach
Bliley Act, the N C U A determined
that the required standards could be
most effectively adopted by amending
the agency's existing regulation
governing security programs in
federally insured credit unions.
N C U A staff worked with the federal
banking agencies to align the guidelines
with those approved by those agencies.
As a result, the N C U A adopted
the required standards as an
appendix to part seven forty eight.
Appendix A was intended to provide
federally insured credit unions
with guidance when developing the
security program required under
section seven forty eight point zero.
Appendix A has been updated over time to
reflect new requirements and to maintain
consistency with comparable regulations
issued by the federal banking agencies.
These updates have included changes to
incorporate amendments to the Fair Credit
Reporting Act regarding proper disposal
of consumer information and technical
revisions required by the Dodd Frank Wall
Street Reform and Consumer Protection Act.
The Dodd Frank Act transferred
rulemaking authority for many
consumer protection regulations from
the Federal Reserve Board to the
Consumer Financial Protection Bureau.
As a result, the N C U A was
required to update cross references
and rescind its own version of
certain privacy regulations.
Legal authority.
The N C U A is issuing this proposed
rule under the authority granted
in the Federal Credit Union Act.
Under that Act, the N C U A is the
chartering and supervisory authority
for federal credit unions and the
federal supervisory authority for
all federally insured credit unions.
The Act provides a broad mandate to issue
regulations governing these institutions.
Section one twenty is a general
grant of regulatory authority.
Section two zero nine authorizes
the N C U A to issue regulations
necessary or appropriate to carry
out its role as share insurer.
Section one seventy six six
provides authority to subject
corporate credit unions to
appropriate rules and regulations.
Proposed rule.
The Board proposes to remove
Appendix A from the Code of Federal
Regulations and instead issue
it as a Letter to Credit Unions.
The Board believes this will reinforce
its intended status as guidance
rather than a binding regulation.
The Board seeks comment on all aspects of
the proposed rule, including whether any
references to Appendix A within other N
C U A regulations would require revision.
The Board considered retaining Appendix
A in the regulation for two reasons.
First, its current placement ensures
that the agency reviews it at least
once every three years through the
rolling regulatory review process.
Second, keeping Appendix A in regulation
ensures that any future changes are
published in the Federal Register with
an opportunity for public notice and
comment, unless an exemption applies.
However, the Board now believes that
streamlining the regulations and creating
clearer separation between binding
regulations and nonbinding guidelines
outweighs the benefits of maintaining
Appendix A in the current format.
The use of Letters to Credit Unions
is well established and appropriate
for communicating guidance.
Regulatory procedures.
Under the Providing Accountability
Through Transparency Act, proposed
rules must include an internet address
where a plain language summary of no
more than one hundred words is posted.
That summary explains that the Board
is proposing to remove Appendix A
because it is guidance rather than
regulation and that publishing
it separately will simplify and
streamline the regulatory text.
Executive Orders.
The Office of Management and Budget has
determined that this proposal is not
a significant regulatory action under
Executive Order twelve eight six six.
Executive Order thirteen five six
three directs agencies to improve
regulations by modifying, streamlining,
expanding, or repealing provisions
that are outmoded or overly burdensome.
This proposed rule is
consistent with that direction.
Under Executive Order fourteen one
nine two, agencies must offset new
regulatory costs by eliminating costs
associated with prior regulations.
This rule is expected to be deregulatory.
Regulatory Flexibility Act.
The N C U A certifies that the proposed
rule will not have a significant
economic impact on a substantial
number of small credit unions.
Small credit unions are those with under
one hundred million dollars in assets.
Removing Appendix A from regulation
and issuing it as guidance does
not make substantive changes and
therefore does not impose new costs.
Paperwork Reduction Act.
The proposed rule does not create or
revise information collection requirements
and therefore does not require action
under the Paperwork Reduction Act.
Executive Order thirteen
one three two on federalism.
The proposal removes nonbinding guidelines
and does not substantively change the
requirements applicable to federally
insured state chartered credit unions.
It is not expected to affect the
division of responsibility between
state and federal regulators.
Assessment of effects on families.
The N C U A has determined
that the proposal would not
affect family well being.
Removing nonbinding guidelines
from the regulations is expected to
have only indirect effects, if any.
Regulation text.
For the reasons stated in the preamble,
the N C U A Board proposes to revise
part seven forty eight as follows.
Part seven forty eight.
Security Program, Suspicious Transactions,
Catastrophic Acts, Cyber Incidents,
and Bank Secrecy Act Compliance.
The authority citation
continues unchanged.
The table of contents is revised to
include section seven forty eight
point zero, Security Program, section
seven forty eight point one, Filing
of Reports, and section seven forty
eight point two, Procedures for
Monitoring Bank Secrecy Act Compliance.
Appendix A to part seven forty
eight, Guidelines for Safeguarding
Member Information, is removed.
This concludes the document.
If your credit union could use assistance
with your exam, reach out to Mark Treichel
on LinkedIn or at Mark Treichel dot com.
This is Samantha Shares, and
we thank you for listening.