2 minutes
Cybersecurity, vendor management and 'small entity' issues will be key
We’ve almost reached the end of 2015, and it’s time to start looking ahead to the new year. What compliance challenges should you be prepping for? What new hurdles should your credit union be prepared to face?
In 2015, credit union regulators focused on protections for credit union members, but we’re starting to see regulators shift their focus toward institutional rules—the items that ensure the safety and soundness of the institutions themselves.
The following three areas, in particular, are likely to see increased scrutiny and change in the year ahead:
Cybersecurity. At least 60 data breaches have occurred in the financial sector alone in 2015, compromising more than 5 million records, according to the Identity Theft Resource Center. As records continue to move online, and cyber theft becomes more sophisticated, regulators are increasingly looking at institutions’ cybersecurity measures, including infrastructure and documentation procedures. Additionally, the Federal Financial Institutions Examination Council released a cybersecurity assessment tool this summer that all credit unions may find benefit in using, even though this is currently optional.
Vendor management. The increased focus on cybersecurity will lead to additional regulatory scrutiny of credit unions’ third-party service providers. That means credit unions must have determined whether a vendor is a “significant” or a “critical” vendor, and they must know exactly how their vendors are addressing compliance obligations. Additionally, institutions must be able to demonstrate ongoing vigilance around their vendor relationships, including performing periodic contract reviews.
Community charter/asset size. Recently, the National Credit Union Administration voted to change the definition of “small entity” in the Regulatory Flexibility Act from credit unions with less than $50 million in assets to credit unions with less than $100 million in assets. The act requires NCUA to determine and consider the impact of rules—both existing and proposed—on small entities. With this change, an additional 733 credit unions are now covered under the act, bringing the total number of credit unions covered up to 4,690, or about 75 percent of federally insured credit unions. The change means more credit unions will be considered for regulatory relief when future rules are considered and established.
Institutions should continue to keep an eye on NCUA moves in the year ahead. It’s likely that credit unions will see an increasing shift toward regulations and standards similar to those in the banking industry, as well as increased scrutiny of credit unions’ internal safety and soundness.
Use the short time remaining in 2015 to resolve any compliance weaknesses you’ve identified. To do so, you may need to put a comprehensive compliance management program—and possibly an automated compliance management system—in place.
Pam Perdue is EVP/regulatory operations for Continuity, New Haven, Conn.
