ALEXANDRIA, Va. (7/6/12)--The National Credit Union Administration (NCUA) should coordinate with the Financial Stability Oversight Council (FSOC) and its member regulators to improve its own protections for private FSOC information, and better protect FSOC information from unauthorized disclosure, the NCUA's Office of the Inspector General (OIG) said in a recent review.
NCUA Chairman Debbie Matz is a member of the FSOC, which was created when the Dodd-Frank Wall Street Reform Act was signed into law in 2010. The council provides a forum for discussion between various regulatory agencies and has also been tasked with monitoring markets for disturbances and overseeing the resolution of troubled financial institutions.
Treasury Secretary Tim Geithner is the current chairman of the FSOC. Federal Reserve Chairman Ben Bernanke, Comptroller of the Currency Thomas Curry, Securities and Exchange Commission Chairman Mary Schapiro, Federal Deposit Insurance Corp. Chairman Martin Gruenberg, Consumer Financial Protection Bureau Director Richard Cordray, Commodity Futures Trading Commission Chairman Gary Gensler, and Federal Housing Finance Agency Acting Director Edward DeMarco are also voting members of the council. An independent insurance industry representative is also given a vote, and non-voting members and observers also attend FSOC meetings.
In its analysis of NCUA information security practices, the OIG found that the agency, in general, does a good job of protecting sensitive information. However, the OIG said the NCUA's policies or procedures for handling, protecting and controlling confidential non-public information, analyses or documentation of FSOC deliberations were limited.
The OIG said potential improvements could include:
- Protecting oral communication of confidential non-public FSOC information;
- Inventorying or tracking FSOC information requests and responses;
- Controlling access to and authorizing release of confidential non-public information to FSOC, FSOC member agencies or other external parties, such as the U.S. Congress; and
- Placing appropriate markings on FSOC information to identify it as containing confidential information.
The NCUA responded to the OIG report, saying that its existing information security policies, procedures, and training are effective. However, the agency said it would work with its fellow FSOC members to implement improved information security policies, procedures, and practices for FSOC information.
For the full OIG report, use the resource link.