Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

Washington Archive


CU/merchant parity in data rules a must: CUNA to lawmakers

 Permanent link
WASHINGTON (3/6/13)--Inconsistent data security standards need to be addressed before a solution to merchant data breaches can be achieved, the Credit Union National Association said in a Wednesday letter to the U.S. Congress.
The letter was sent for the record of a House Financial Services subcommittee on financial institutions and consumer credit entitled "Data Security: Examining Efforts to Protect Americans' Financial Information." Subcommittee members Rep. David Scott (D-Ga.) and Spencer Bachus (R-Ala.) during the hearing queried government witnesses on the need for merchants to be under uniform data security and consumer notification standards.
CUNA, the National Credit Union Administration and others have recently called for data security standard parity between merchants and financial institutions.
"Simply put: credit unions and other financial institutions are subject to high data protection standards under the Gramm-Leach-Bliley Act; merchants are not. When merchant data breaches occur, financial institutions--not merchants--bear the costs of replacing credit and debit cards and fraud costs," CUNA President/CEO Bill Cheney wrote.
The Target data breach cost credit unions an estimated $30.6 million, and future fraud could increase these costs, CUNA said. Merchant data breaches are a top credit union concern. "It is an issue of such great concern because these breaches cost credit unions and their members significantly, and they divert resources from other credit union activity, including lending," Cheney wrote.
"Until and unless merchants are held accountable for the damages that breaches to their systems cause financial institutions and consumers, we have little confidence that they will be incentivized to properly secure their systems," the letter added.
To address credit union data security concerns, CUNA suggested that Congress:
  • Hold all payment system participants to comparable levels of federal data security requirements;
  • Hold those responsible for the data breach responsible for the costs of helping consumers; and
  • Ensure consumers know where their information was breached.
"Credit unions also support legislation that requires merchants to provide notice to those consumers affected by a data breach, and permits credit unions to disclose where a breach occurs when notifying members that their account has been compromised...Consumers need transparency and knowledge to understand where their data has been put at risk," the letter said.
CUNA also encouraged the committee to hold additional data breach hearings.
For the full letter, use the resource link.

NCUA launches cybersecurity resources page

 Permanent link
ALEXANDRIA, Va. (3/6/14)--The National Credit Union Administration has launched a new resource for credit unions--a webpage that provides links to cybersecurity and data security resources.
The site includes links to regulations, guidance and best practices, as well as information-sharing forums on cyber threats, among other resources.
The launch coincided with NCUA Board Chairman Matz's remarks last week at the Credit Union National Associations' Governmental Affairs Conference here.
The data breach at Target is the story of a double standard "that is neither healthy nor fair," she said at the Feb. 24 general session at the GAC. "While financial institutions are required by law to protect sensitive personal information, data protection standards for retailers are too often simply not adequate."  ( News Now Feb. 25)
The NCUA also is working on better understanding the evolving cyberthreat environment with other financial regulators, law enforcement and intelligence communities, as part of a new working group.
Use the resource link to explore the new NCUA resource.

NCUA: State data shows where strongest growth occurred

 Permanent link
Click to view larger image Click for larger view
Quarterly U.S. Map Review News Now Quarterly Map Review

Yellen pledges her best to promote strong financial system

 Permanent link
WASHINGTON (3/6/14)--At a ceremonial swearing in that took place Wednesday, new Federal Reserve Board Chairman Janet Yellin reiterated her promise to do her very best to work with her Fed colleagues and help restore the health of the economy and promote a strong and stable financial system.

"I am repeating this promise, in this distinguished company and to all others listening because that is what this ceremony is about," she said to the gathering in the Federal Reserve Building on 20th Street and Constitution Avenue NW. "The oath I have affirmed, identical to the one taken by everyone serving the Federal Reserve, is a public promise to carry out my duties guided by no interest other than the public's interest," she said in her written remarks.

Yellen said she will continue the work of repairing damage done by the financial crisis to the economy. "Too many Americans still can't find a job or are forced to work part-time. The goals set by Congress for the Federal Reserve are clear: maximum employment and stable prices.

"It is equally clear that the economy continues to operate considerably short of these objectives. I promise to do all that I can, working with my fellow policymakers, to achieve the very important goals Congress has assigned to the Federal Reserve," she said.  

Those in attendance included members of the U.S. Congress, U.S. Treasury Secretary Jack Lew, and others from the Obama administration including fellow financial regulators.

CUNA to Hill: CUs, members pay steep price for merchant data breaches

 Permanent link
WASHINGTON (3/6/14)--The Credit Union National Association made sure that every lawmaker on Capitol Hill got this message Wednesday: America's credit unions spend millions of dollars--without skipping a beat--to protect consumers from merchant data breaches by re-issuing cards, monitoring accounts and reimbursing customers for fraud.

CUNA called on merchants to start working with financial institutions now to implement the best solutions to secure the system and protect consumers from fraud and identity theft--even though these solutions may be costly.

That message to Congress came in the form of a CUNA rebuttal to a recent blog post by the National Association of Convenience Stores (NACS) in The Hill newspaper.

In CUNA's Hill blog post Wednesday--which CUNA circulated to every federal lawmaker's office-- Executive Vice President of Government Affairs John Magill refutes mistaken claims NACS made about who covers costs of a merchant's data breach: It is credit unions and other financial institutions.

"Merchants are not required to reimburse financial institutions for the cost of card re-issuance after a data breach. Nothing in the Visa and MasterCard network rules provide for merchants to cover the costs of card re-issuance.

"This cost can be quite substantial, particularly for smaller financial institutions such as credit unions: The recent Target breach has cost credit unions about $5.68 per card affected, and that doesn't even include actual fraud losses," Magill states.

Magill goes onto to rebut the merchants' claim of "forced reimbursements" from merchants to card issuers to cover the cost of fraud losses after a breach--calling the whole notion "flawed."

"The Durbin amendment only applies to debit transactions, not credit, and the rate adjustment does not cover the cost of card re-issuance."

Even when merchants are made to take responsibility--like in a recent settlement reached among TJ Maxx, Visa and  MasterCard after a recent data breach at the retailer-- the credit unions involved received only pennies on the dollar to cover fraud costs. (Magill also notes that if network rules really did provide for "forced reimbursements," then there would be no need for this type of settlement in the first place.)

Magill calls on merchants to start working together with financial institutions to implement the best solutions to secure the system and protect consumers from fraud and identity theft, "even though these solutions may be costly."

"While we have all had our disagreements about issues in the past, now is the time to put our customers first and collaborate to ensure the best outcome for Americans," he concludes.

CU retirement products shine in Forbes

 Permanent link
WASHINGTON (3/6/14)--Credit unions once again shone by a comparison of their service to consumers, this time in a Forbes magazine article that discussed the virtues and challenges of the Obama administration's new MyRA retirement account and how it compares with traditional Roth IRAs.
Credit Union National Association Chief Economist Bill Hampel was extensively quoted in the broad article, describing the lower-cost retirement account services available at credit unions.
The Forbes article listed key selling points of the MyRA, especially for Millennials and others just starting to save: There's no annual account maintenance fee; an account can be opened with as little as $25; additional contributions can be as small as $5 every payday; and, if an employer agrees, savings can be deducted automatically from a saver's paycheck, as they are with 401(k) contributions.
One big drawback however, Forbes says, is that the MyRA will not be available until much later this year. As everyone knows, the article says, this very minute is the best time to start retirement savings.
That brings the choice back to Roth IRAs, which are not terribly different from the proposed MyRA. However, Forbes warns, the fees and minimums can be significantly higher and, to make it all that much more difficult, it is hard to compare offerings.
That's where credit unions come in, says CUNA's Hampel.
"(M)ost credit unions will allow you to open a Roth IRA with that same $25 minimum MyRA will have," Hampel points out, adding, "The MyRA is, in essence, a formalized version of what most credit unions already offer."
"Moreover," he says, "if you schedule an automatic transfer from your checking account, or if your HR department allows you to set up an automatic transfer from your paycheck before it hits your checking account, you can have amounts as small as $25 or even $5 per pay period regularly transferred into that credit union Roth--again, much like the MyRA."
While it's true that the yield on Roth IRAs can be low, Hampel argues that beginner savers shouldn't get hung up on the small number in the "rate of return" category. "There is a time to be concerned about rates, but it's not when you have a really small balance,'' he says.

Hundreds file late call reports despite threatened fines

 Permanent link
ALEXANDRIA, Va. (3/6/13)--The number of federally insured credit unions filing late call reports declined by two-thirds in the fourth quarter of 2013 from the year prior.  That is the good news.
However, a number of credit unions--561--filed late or made corrections beyond the Jan. 24 deadline, the National Credit Union Administration reported Wednesday, which NCUA Board Chairman Debbie Matz said is unacceptable.
Credit unions that filed their fourth-quarter 2013 call reports late will receive a warning letter from NCUA, the agency said but subsequent late filers will be subject to civil money penalties.
The Credit Union National Association has raised concerns about the potential overuse of fines and calls on the agency to work with credit unions, particularly when exigent circumstances arise. At the same time, CUNA urges all credit unions to file their 5300 Call Reports on a timely basis.
Potential penalties for late filers include:
  • Up to a maximum of $2,000 per day for each day a required report is "minimally" late or contains uncorrected false/misleading information if the late or false/misleading filing is unintentional and the credit union has reasonable procedures in place to avoid such errors;
  • Up to a maximum of $20,000 per day for each day a required report is late or contains false/misleading information if the late or false/misleading filing is not covered by the "unintentional" safe harbor outlined above;
  • Up to a maximum of $1 million, or 1% of total assets, whichever is less, per day if a federally insured credit union knowingly or with reckless disregard for accuracy submits a false or misleading report and fails to correct it.
To determine the size of the fine, the NCUA said it will consider:
  • The size of financial resources and good faith of the credit union;
  • The gravity of the violation;
  • The history of previous violations; and,
  • Other matters as justice may require regarding the circumstances of late or false/misleading submissions, such as natural disasters and incapacitation of key employees.
Proceeds from the fines will go to the U.S. Treasury, the NCUA said.
Late-filed call reports impact NCUA's ability to conduct effective off-site supervision and are a drain on agency resources, the NCUA said. The late filings also delay the release of quarterly industry data to the general public.