Member Login

THE MEMO

DAKOTA CREDIT UNION ASSOCIATION
  • Advocacy
    • Government Affairs
    • Grassroots Action Center >
      • Advancing Communities
      • Bill Tracking
    • Political Fundraising
    • Regulatory Advocacy
    • Preserving Financial Choice for North Dakotans
  • Compliance
    • Compliance Resources
    • Compliance Solutions >
      • AffirmX
      • CECL
      • ComplySight
      • CU CMS
      • CU PolicyPro
      • InfoSight
      • PayLynxs
      • RecoveryPro
      • Training
    • The Memo: Compliance
  • Member Resources
    • Awards >
      • DakCU Awards
      • CUNA Awards
    • CU Awareness (SWAP)
    • DakCU Foundation >
      • Donor Wall
      • Memorials
      • Vacation Sweepstakes
    • DakCU Health Benefits Trust
    • Financial Well-Being for All
    • Professional Development >
      • Chapters
      • Emerging Leader Program
      • Sales CU Training
      • Training
    • Strategic Partners >
      • CAP Program Directory
      • Compliance Solutions
      • Pee Wee and Friends®
  • News & Events
    • The Memo
    • Events Calendar
    • Annual Summit >
      • Crashers
      • Presenters
      • Sponsors
    • New Ideas
    • Sales CU Training
  • About Us
    • Board of Directors
    • Contact Us
    • Our Team

Compliance Update with Amy K

7/29/2022

 
Picture
Are you prepared for the worst? RecoveryPro guides credit unions through creation, maintenance, and testing of business continuity plans. Plus, NCUA proposed rule; and more. 
NCUA Proposed Rule
At its recent board meeting, the National Credit Union Administration (NCUA) issued a proposed rule regarding cyber incident notification requirements, which can be found here.

This proposed rule has a 60-day comment period and would apply to federally insured credit unions.

The discussion of the proposed rule explains, “given the frequency and severity of cyber incidents within the financial services industry, the National Credit Union Administration Board (Board) believes it is important that the National Credit Union Administration (NCUA or agency) be notified of cyber incidents that disrupt a federally insured credit union’s (FICU) operations, lead to unauthorized access to sensitive data, or disrupt members’ access to accounts or services.”

Part 748 is proposed to be amended by adding new subsection (c)Cyber Incident Report. Under this new provision, “Each federally insured credit union must notify the appropriate NCUA-designated point of contact of the occurrence of a reportable cyber incident via email, telephone, or other similar methods that the NCUA may prescribe. The NCUA must receive this notification as soon as possible but no later than 72 hours after a federally insured credit union reasonably believes that it has experienced a reportable cyber incident or, if reporting pursuant to section (c)(1)(iii), within 72 hours of being notified by a third party, whichever is sooner.”

The proposed rule further explains what a “reportable cyber incident” may involve, including: “A reportable cyber incident is any substantial cyber incident that leads to one or more of the following: (i) A substantial loss of confidentiality, integrity, or availability of a network or member information system as defined in App. A (I)(B)(2)(e) that results from the unauthorized access to or exposure of sensitive data, disrupts vital member services as defined in § 749.1, or has a serious impact on the safety and resiliency of operational systems and processes. (ii) A disruption of business operations, vital member services, or a member information system resulting from a cyberattack or exploitation of vulnerabilities. (iii) A disruption of business operations or unauthorized access to sensitive data facilitated through, or caused by, a compromise of a credit union service organization, cloud service provider, or other third-party data hosting provider or by a supply chain compromise.”

Several definitions are proposed to clarify the notification requirement, including definitions for compromise, confidentiality, cyberattack, cyber incident, disruption, integrity, and sensitive date.

The preamble to the proposed rule explains that the NCUA expects a FICU to exercise reasonable judgment in determining whether it has experienced a substantial cyber incident that would be reportable to the agency. Under this proposal, if a FICU is unsure as to whether a cyber incident is reportable, the Board encourages the FICU to contact the agency.
 
Reminder - NCUA Regulatory Review Comments Wanted
Every year the NCUA reviews one-third of its existing regulations. Comments are due August 16, 2022. As explained by the NCUA – “The NCUA’s goal is to ensure that all of our regulations are clearly articulated and easily understood. Comments are welcome on that aspect, as well as substantive suggestions for regulatory changes.”

​The entire list of regulations under review this summer can be found here, but it includes regulations relating to FCU bylaws, FCU chartering and field of membership manual, loans to members and lines of credit to members, services for nonmembers within field of membership, truth in savings, mergers of insured credit unions into other credit unions.

If you have any thoughts or suggestions on potential improvements or changes, please submit them either directly to NCUA or feel free to send your thoughts to me and I will incorporate them into our comment letter.
 
Compliance Solution – RecoveryPro
It pays to prepare for the worst. RecoveryPro can help!
Disruption or loss of access to core business functions can have severe consequences for credit unions and their members. Business continuity planning does not question the odds of a disruption happening, but looks at the impact these disruptions may cause, then makes plans and preparations accordingly. 

RecoveryPro guides credit unions through the creation, maintenance, and testing of robust business continuity plans (BCPs). Templates and sample content lead the credit union through the collection and presentation of data, and a full content management system provides a secure online platform for management and staff to access the BCP for review and testing, or in the event of a disaster or work stoppage event.

The content in RecoveryPro is based on FFIEC guidance. It was developed with the help of a 20+ year Business Continuity veteran and has been fully vetted with multiple State and NCUA auditors. 

Credit unions will be able to easily navigate the system, which utilizes technology similar to CU PolicyPro. The CU Solutions Group staff is available to assist with technical support, questions related to content, or general best practices and tips for developing and managing the credit union's BCP. 

Learn more about RecoveryPro here. If you are more of visual learner, there is also an overview video.

As always, DakCU members may contact Amy Kleinschmit with any compliance related concerns. 
Picture

Comments are closed.

    The Memo

    The Memo is DakCU's newsletter that keeps
    ​credit union professionals updated on current news and information. ​

    Memo Home

    Want the Memo delivered straight to your inbox?
    Sign Up Now


    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021


    Categories

    All
    Action Alert
    Advocacy
    Awards
    Awareness Campaign
    Compliance
    CUPAC/CULAC
    Dakota CUs Give Back
    Events
    Facebook Creeping
    Financial Well Being
    Foundation
    Fraud Alert
    Grants
    In The Spotlight
    Marketing Tips
    Member Solutions
    Miscellaneous
    ND Legislative Update
    News And Notes
    President's Perspective
    Press Releases
    SD Legislative Update
    Webinars

Copyright Dakota Credit Union Association.  All Rights Reserved.
2005 N Kavaney Dr - Suite 201 | Bismarck, North Dakota 58501
Phone: 
800-279-6328 | info@dakcu.org | sitemap | privacy policy
Picture
Picture
Picture
  • Advocacy
    • Government Affairs
    • Grassroots Action Center >
      • Advancing Communities
      • Bill Tracking
    • Political Fundraising
    • Regulatory Advocacy
    • Preserving Financial Choice for North Dakotans
  • Compliance
    • Compliance Resources
    • Compliance Solutions >
      • AffirmX
      • CECL
      • ComplySight
      • CU CMS
      • CU PolicyPro
      • InfoSight
      • PayLynxs
      • RecoveryPro
      • Training
    • The Memo: Compliance
  • Member Resources
    • Awards >
      • DakCU Awards
      • CUNA Awards
    • CU Awareness (SWAP)
    • DakCU Foundation >
      • Donor Wall
      • Memorials
      • Vacation Sweepstakes
    • DakCU Health Benefits Trust
    • Financial Well-Being for All
    • Professional Development >
      • Chapters
      • Emerging Leader Program
      • Sales CU Training
      • Training
    • Strategic Partners >
      • CAP Program Directory
      • Compliance Solutions
      • Pee Wee and Friends®
  • News & Events
    • The Memo
    • Events Calendar
    • Annual Summit >
      • Crashers
      • Presenters
      • Sponsors
    • New Ideas
    • Sales CU Training
  • About Us
    • Board of Directors
    • Contact Us
    • Our Team