ALEXANDRIA, Va. (8/20/14)--With National Credit Union Administration examiners trying to identify and assess cybersecurity risks, the agency has released a list of cybersecurity areas examiners look at. The information is featured in this month's
The NCUA Report
The assessment includes the following questions:
- Does the credit union have a board-approved information security policy commensurate with its size and complexity that meets the NCUA requirements?
- Has management recently performed and documented an information security risk assessment to identity threats, assess potential effects and are risk-remediation plans in place?
- Is the network and critical components such as servers and computers running updated virus and malware protection software?
- Does the credit union have a password policy that meets or exceeds industry standards? According to the NCUA, this means passwords with at least eight alphanumeric and special characters; and
- Is there a vendor management program, information security awareness training program, incident response and crisis management plan, and do they comply with NCUA regulations?
The article also recommends credit union management consider the possibility of cybersecurity insurance, which should cover costs associated with business interruptions, legal fees, public relations initiatives and hiring of additional staff or vendors.
A recent Ponemon Institute study cited by the agency estimates the average cost of a data breach is $3.5 million, which includes costs for investigations, notifications to members and reissuing credit and debit cards.
The NCUA Report
also featured monthly commentary from Chair Debbie Matz. Her column listed several aspects of the agency's risk-based capital proposal that would likely be changed in response to feedback received through comment letters and the three Listening Sessions held during the summer.
She acknowledged that all risk weights in the proposal should be reviewed, and that the agency is considering lowering risk weights for investments, mortgages, member business loans, credit union service organizations and corporate credit unions.
"Examiners would have to undergo a rigorous process to convince their supervisory examiner, regional director and ultimately the NCUA board, if they believe a credit union needs to hold more capital than required by regulation," she wrote.
She also said the rule's implementation period will go "well beyond" the originally proposed 18 months, and that it would be enough time to give the NCUA time to update the call report system, train examiners on the revised rule and allow affected credit unions time to adjust their balance sheets.
- A summary of the agency's fixed-assets proposal;
- An update on the Office of Small Credit Union Initiatives FAQ+ search engine;
- A summary of the $1.1 million in mid-year operating budget reductions;
- A report on economic growth and rising interest rates;
- The basics of media relations for credit union management; and
- Information about the NCUA's video series on preventing fraud.
Use the resource link below to access the full issue.
ALEXANDRIA, Va. (8/20/14)--The National Credit Union Administration has posted an audio recording of its July 10 Listening Session in Chicago to the agency's YouTube page.
The two-hour, 54-minute recording carries the entirety of the agency's second of three sessions held this summer.
More than 160 people attended the Chicago discussion, where the primary topic was the agency's proposed risk-based capital (RBC) rule. NCUA Chair Debbie Matz and board member Michael Fryzel, a Chicago native, were in attendance.
The NCUA also held Listening Sessions on June 26 in Los Angeles and on July 17 in Alexandria, Va.
Matz noted in this month's
The NCUA Report
that the agency received more than 2,500 comments on its RBC proposal, from comment letters and attendees at the Listening Sessions, which she called "an unprecedented volume of input."
The Credit Union National Association previously posted a recording of the Chicago session to its website (
Aug. 8). The recording was provided by the Illinois Credit Union League.
CUNA also has made available a full audio recording of the NCUA's first Listening Session held in Los Angeles, as well as key audio clips of that session.
Use the resource links below to access the recordings.
WASHINGTON (8/20/14)--The Consumer Financial Protection Bureau's (CFPB) plan to allow consumer narratives in its complaint portal could likely work against consumers, as well as financial institutions, by spreading inaccurate information, according to the Financial Services Roundtable (FSR).
The FSR, which represents large integrated financial services companies, launched a campaign featuring social media and multimedia advertisements highlighting problems with the bureau's proposal.
The CFPB has accepted consumer complaints since it opened in 2011 and, to date, has handled more than 400,000 complaints. It announced the proposal to expand its consumer complaint database to include the consumer's narrative account of their experience and the problem they would like to see resolved.
The bureau said this would give context to complaints, spotlight specific trends and help consumers make more informed decisions. Those against the proposal worry it would spotlight inaccurate information without giving a named financial institution the chance to respond.
"The CFPB's plan will feature only one side of the story, and such one-sided accounts will not advance the CFPB's mission of better informing and helping consumers," said FSR President/CEO Tim Pawlenty.
The FSR cites the CFPB's own Consumer Response Report from 2013 that found, among other things, that almost 70% of all complaints filed were closed with a simple comment or clarification to the consumer.
According to the FSR, there are many unanswered questions in the CFPB's proposal, including how the CFPB plans to protect the identities of contributing consumers from the Freedom of Information Act and other public record requests and how the bureau will verify that a consumer is posting under a correct identity with an accurate account of what transpired.
On Aug. 6, the CFPB blog posted an item about universities in the Big Ten Conference that did not disclose partner contracts with financial partners for products. The report named four credit unions as failing to disclose details of the school and the financial institution it partnered with, but had to remove two credit unions from the article after it was found there was no such agreement in place.
The Credit Union National Association's Deputy General Counsel Mary Dunn took to the blog's comments to express concern that the blog entry, particularly the headline, made the impression that nondisclosure of a partnership meant these institutions were hiding information from consumers, when in fact many such disclosures are public, in accordance with state law or practices.
CUNA maintains that the other two credit unions should not have been named because there is no legal or regulatory requirement for such disclosures.
"There is no current regulatory requirement to publicly disclose a financial institution's contract with a college or university. Even so, some credit unions voluntarily choose to disclose these agreements, including two credit unions that were listed in your blog," Dunn wrote.
CUNA is currently pursuing issues related to consumer narratives being added to the CFPB complaint database with its consumer protection subcommittee.
WASHINGTON (8/20/14)--In a decision immediately called "good news for credit unions" by the National Credit Union Administration Tuesday, the U.S. Court of Appeals for the 10th Circuit reinstated its ruling that allowed the NCUA to sue several banks for alleged deceptive practices when selling mortgage-backed securities.
The NCUA has brought suit against certain banks while serving as the liquidating agent of several failed corporate credit unions, alleging that deceptive information was used to form, market and sell the mortgage-backed securities.
Banks have claimed in the case that the NCUA missed a three-year window to file suit. The Denver-based 10th Circuit Court of Appeals, however, sided with the federal credit union regulator, citing a past provision that extends the deadline for a government regulatory agency to sue on behalf of a failed financial institution.
But on June 16 the U.S. Supreme Court vacated and remanded for further consideration that 10th Circuit ruling.
The directive from the Supreme Court to the circuit court did not necessarily indicate a need for the 10th Circuit to change its opinion. Rather it instructed the lower court to look at its decision in light of a new Supreme Court ruling, established in an environmental case, which defined the difference between statutes of limitation and statutes of repose, and whether various forms of "pausing" the period of time set forth by statute apply to statutes of repose.
The Tuesday decision affects a total of six cases, allowing the NCUA to move forward. There are a total of 13 related cases that are pending. One case is awaiting an appeal at the Ninth Circuit Court of Appeals on this same issue. Most of the others are in the discovery phase.
The bank defendants in the 10th Circuit case now will have to evaluate their next move, which could involve further appellate review, settlement, or discovery and further litigation and ultimately trial in the district court.
The NCUA has settled similar suits with J.P. Morgan, Bank of America, Citigroup, Deutsche Bank Securities and HSBC, resulting in more than $1.75 billion in settlements lost by the corporate credit union investments (
June 17). According to the NCUA, the recovered funds are being set against any future corporate stabilization assessments on credit unions.
WASHINGTON (8/20/14)--New guidance issued by the Consumer Financial Protection Bureau (CFPB) illustrates things the bureau's examiners will look for loan servicing responsibilities are transferred. The CFPB's new mortgage servicing rules took effect Jan. 10 and are intended to protect borrowers from runarounds by loan servicers.
The guidance, issued by the bureau Tuesday, comes with several months of examinations under the new rules and highlights policies that are likely to get a financial institution flagged, as well as policies that meet the rule's requirements.
The new rule requires servicers to maintain accurate records, promptly credit payments, correct errors on request and maintain policies and procedures to facilitate handing over information when a servicer transfers a loan to a new company.
The CFPB currently has examination authority for financial institutions with more than $10 billion in assets. While that currently means only a few credit unions fall under the bureau's examination supervision, the new guidance is important for credit unions of all sizes, said Colleen Kelly, senior assistant general counsel for regulatory affairs for the Credit Union National Association.
"This guidance provides helpful compliance information for all credit unions that transfer mortgage servicing," she said.
The guidance lays out several specific scenarios in which CFPB examiners concluded that the servicers had engaged in unfair practices, including:
- Failing to properly identify loans that were trial or permanent modifications with the prior servicer at time of transfer;
- Failing to honor trial or permanent modification offers unless the servicer could independently confirm that the prior servicer properly offered a modification or that the offered modification met investor criteria; and
- Borrowers subsequently receiving a new modification with inferior terms, and in one case, the servicer conducted a foreclosure sale.
According to the CFPB, the servicers in the scenarios above were directed "to adopt policies and procedures to prevent continued unfair practices in this area and to remediate harmed consumers."
CFPB examiners consider transferors flagging all loans with pending loss mitigation applications, as well as approved loss mitigation plans (including trial modification plans) as having met the new rule's requirements.
Transferees requiring the transferor servicer to supply a detailed list of loans with pending loss mitigation applications, as well as approved loss mitigation plans will also be considered at having met the new requirements.
Use the resource link below to access the full bulletin.
WASHINGTON (9/19/14)--The Federal Housing Finance Agency (FHFA) has given approval to start a pilot program that would allow Federal Home Loan Bank (FHLB) member institutions to originate and sell government backed loans into Ginnie Mae mortgage-backed securities (MBS), according to a report in
The program, first proposed in September 2013, will initially be available to eligible participating members of the FHLB Chicago in Illinois and Wisconsin, with a wider rollout expected to follow (
The new product, called Mortgage Partnership Finance (MPF) Government MBS, aims to provide mortgage lenders, particularly smaller institutions that currently lack direct access to the secondary mortgage market, a new option when creating mortgage products for home-buying consumers.
According to Ginnie Mae, "lenders will be able to choose whether to retain or release servicing on the government loans they originate and they will have a reliable channel for selling their loans that removes hurdles low-volume originators face in today's competitive market."
With the new authority granted by the FHFA, the Chicago FHLB will now be able to purchase government-insured loans, hold these loans on-balance sheet and then pool them into securities guaranteed by Ginnie Mae which may then be sold to investors.
Ginnie Mae currently guarantees more than $1.4 trillion of mortgage-backed securities.
WASHINGTON (8/19/14)--With less than a year remaining until the new Truth in Lending Act/Real Estate Settlement Procedures Act (TILA/RESPA) rule goes into effect, several organizations are holding educational workshops to provide information about the rule and its implementation. The rule, which has a mandatory compliance date of Aug. 1, 2015, consolidates existing mortgage disclosures required under TILA/RESPA into two integrated forms.
CUNA Mutual Group will host a free webinar at noon (ET) today, the first in a series, designed to help credit unions understand the new rule, its impacts and how to comply.
Compliance experts will explain how the new rule may require changes to the mortgage lending process, as well as require system changes to complete the new required disclosures for mortgages and closed-end home equity lending.
"Overall, TILA/RESPA will directly affect the people, processes and technology credit unions use to support their lending operations because the regulations require loan disclosures to change dynamically to reflect each borrower's unique loan features," said Jon Bundy, regulatory compliance manager for CUNA Mutual Group. "Specifically, the rule will impact credit unions' relationships with their system providers, and most importantly, their members and their own staff."
The Consumer Financial Protection Bureau (CFPB) will host a webinar, the bureau's second in a continuing series, Aug. 26. This event is meant to address specific questions related to rule interpretation and implementation challenges that have been raised to the bureau.
Questions have been submitted by creditors, mortgage brokers, settlement agents, software developers and other stakeholders. According to the CFPB, future sessions will continue to address specific questions and challenges.
The CFPB's previous webinar was June 17, and the bureau will continue to host similar sessions throughout the implementation process. A recording of the June 17 webinar is available on the bureau's TILA/RESPA Integrated Disclosure rule homepage (see resource link).
The Aug. 26 webinar is scheduled to begin at 2 p.m. (ET).
The Credit Union National Association continues to meet frequently with the CFPB concerning rule implementation resources and efforts, and also to reiterate ongoing concerns with TILA/RESPA implementation requirements and associated regulatory burdens for credit unions.
CUNA is also working on a collection of resources designed to guide credit union compliance with the new rules, which should be online in the coming weeks.
Use the resource links below for more information.