WASHINGTON (6/26/12)--NACHA--The Electronic Payments Association should minimize compliance costs for credit unions, and look for ways to eliminate redundancies, as it develops a final version of its pending automated clearinghouse (ACH) security changes, the Credit Union National Association (CUNA) said in a recent comment letter.
Under NACHA's ACH security framework proposal, credit unions and other financial institutions and groups that take part in ACH transactions would be required to protect the confidentiality and integrity of certain sensitive consumer information, and to prevent third parties from accessing that information.
Credit unions and others that handle ACH data also would need to verify, as part of their yearly ACH Rules Compliance Audits, that they have established, implemented, and updated data security policies, procedures and systems to comply with the proposed security requirements.
The proposed NACHA rule changes are scheduled to become effective on Sept. 20, 2013.
In a comment letter, CUNA Regulatory Counsel Dennis Tsang said CUNA appreciates NACHA's efforts to improve the security and integrity of the ACH network. However, the ACH security framework should not impose specific requirements, such as specific security policies, procedures, and systems.
The letter suggested NACHA's security framework could instead allow entities that are subject to the data security rules to implement ACH security on protected information based on their own individual business and risk needs.
NACHA should also modify the framework to provide additional flexibility for institutions that use mobile and online applications in their business practices, he said.
CUNA also encouraged NACHA to minimize data security standard redundancies, noting that credit unions are already subject to data security requirements that are issued by the National Credit Union Administration, Federal Financial Institutions Examination Council, and other regulators.
For the full letter, use the resource link.