WEBVTT NOTE This file was generated by Descript 00:00:00.469 --> 00:00:02.329 Samantha: Hello, this is Samantha Shares. 00:00:02.849 --> 00:00:06.420 This episode covers Guidelines for Safeguarding Member Information. 00:00:06.960 --> 00:00:09.470 The following is an audio version of that document. 00:00:10.060 --> 00:00:13.210 This podcast is educational and is not legal advice. 00:00:13.710 --> 00:00:17.780 We are sponsored by Credit Union Exam Solutions Incorporated, whose 00:00:17.780 --> 00:00:20.840 team has over two hundred and forty years of National Credit 00:00:20.870 --> 00:00:22.729 Union Administration experience. 00:00:23.309 --> 00:00:27.090 We assist our clients with N C U A so they save time and money. 00:00:27.450 --> 00:00:31.530 If you are worried about a recent, upcoming, or in process N C U A 00:00:31.530 --> 00:00:35.750 examination, reach out to learn how they can assist at Mark Treichel dot com. 00:00:36.340 --> 00:00:40.569 Also check out our other podcast called With Flying Colors where we provide tips 00:00:40.569 --> 00:00:43.139 on how to achieve success with N C U A. 00:00:43.639 --> 00:00:44.650 And now the document. 00:00:45.420 --> 00:00:49.770 The N C U A Board is proposing to remove Appendix A to part seven forty eight 00:00:49.770 --> 00:00:51.710 from the Code of Federal Regulations. 00:00:52.220 --> 00:00:55.790 Appendix A contains guidelines for safeguarding member information. 00:00:56.230 --> 00:01:00.190 These guidelines were originally issued to meet the N C U A’s statutory 00:01:00.190 --> 00:01:04.170 obligation to establish standards for federally insured credit unions to 00:01:04.170 --> 00:01:08.470 protect the security and confidentiality of customer records and information, 00:01:08.880 --> 00:01:12.980 and to protect against unauthorized access to or use of such records. 00:01:13.460 --> 00:01:17.220 The Board now believes that placing Appendix A inside the regulations may 00:01:17.220 --> 00:01:21.580 be confusing because Appendix A is not a regulation but a set of guidelines. 00:01:22.040 --> 00:01:26.040 The Board proposes to remove Appendix A from the Code of Federal Regulations 00:01:26.190 --> 00:01:30.000 and instead publish its contents as a Letter to Credit Unions, which 00:01:30.000 --> 00:01:33.600 would streamline the regulations and allow more efficient revisions. 00:01:34.348 --> 00:01:37.588 Comments may be submitted within sixty days of publication. 00:01:38.098 --> 00:01:41.498 They may be filed through Regulations dot gov under the docket number 00:01:41.498 --> 00:01:45.298 associated with this rulemaking or by mail or hand delivery to the 00:01:45.298 --> 00:01:49.488 Secretary of the Board at N C U A headquarters in Alexandria, Virginia. 00:01:50.187 --> 00:01:51.667 Supplementary information. 00:01:52.207 --> 00:01:53.647 Introduction and background. 00:01:54.267 --> 00:01:57.787 In nineteen ninety nine, Congress passed the Gramm Leach Bliley Act. 00:01:58.367 --> 00:02:01.727 Section five hundred one of that Act required the N C U A, the 00:02:01.727 --> 00:02:05.657 federal banking agencies, and other regulators to establish appropriate 00:02:05.657 --> 00:02:09.637 standards relating to administrative, technical, and physical safeguards 00:02:09.637 --> 00:02:11.637 for customer records and information. 00:02:12.157 --> 00:02:15.567 These safeguards must ensure the security and confidentiality of 00:02:15.567 --> 00:02:19.967 customer records, protect against anticipated threats or hazards, and 00:02:19.967 --> 00:02:24.167 protect against unauthorized access or use that would result in substantial 00:02:24.167 --> 00:02:26.587 harm or inconvenience to any customer. 00:02:27.329 --> 00:02:31.539 After passage of the Gramm Leach Bliley Act, the N C U A determined 00:02:31.539 --> 00:02:35.119 that the required standards could be most effectively adopted by amending 00:02:35.119 --> 00:02:38.829 the agency’s existing regulation governing security programs in 00:02:38.829 --> 00:02:40.679 federally insured credit unions. 00:02:41.249 --> 00:02:45.479 N C U A staff worked with the federal banking agencies to align the guidelines 00:02:45.479 --> 00:02:47.499 with those approved by those agencies. 00:02:48.069 --> 00:02:51.739 As a result, the N C U A adopted the required standards as an 00:02:51.739 --> 00:02:53.619 appendix to part seven forty eight. 00:02:54.189 --> 00:02:57.789 Appendix A was intended to provide federally insured credit unions 00:02:57.789 --> 00:03:01.299 with guidance when developing the security program required under 00:03:01.299 --> 00:03:03.359 section seven forty eight point zero. 00:03:04.131 --> 00:03:08.691 Appendix A has been updated over time to reflect new requirements and to maintain 00:03:08.691 --> 00:03:13.111 consistency with comparable regulations issued by the federal banking agencies. 00:03:13.711 --> 00:03:17.641 These updates have included changes to incorporate amendments to the Fair Credit 00:03:17.671 --> 00:03:22.011 Reporting Act regarding proper disposal of consumer information and technical 00:03:22.011 --> 00:03:26.991 revisions required by the Dodd Frank Wall Street Reform and Consumer Protection Act. 00:03:27.431 --> 00:03:30.641 The Dodd Frank Act transferred rulemaking authority for many 00:03:30.641 --> 00:03:34.201 consumer protection regulations from the Federal Reserve Board to the 00:03:34.201 --> 00:03:36.231 Consumer Financial Protection Bureau. 00:03:36.821 --> 00:03:40.771 As a result, the N C U A was required to update cross references 00:03:41.011 --> 00:03:44.191 and rescind its own version of certain privacy regulations. 00:03:44.908 --> 00:03:45.818 Legal authority. 00:03:46.428 --> 00:03:50.368 The N C U A is issuing this proposed rule under the authority granted 00:03:50.368 --> 00:03:52.088 in the Federal Credit Union Act. 00:03:52.648 --> 00:03:56.558 Under that Act, the N C U A is the chartering and supervisory authority 00:03:56.558 --> 00:04:00.138 for federal credit unions and the federal supervisory authority for 00:04:00.168 --> 00:04:02.258 all federally insured credit unions. 00:04:02.838 --> 00:04:07.418 The Act provides a broad mandate to issue regulations governing these institutions. 00:04:07.848 --> 00:04:11.338 Section one twenty is a general grant of regulatory authority. 00:04:11.748 --> 00:04:15.768 Section two zero nine authorizes the N C U A to issue regulations 00:04:15.768 --> 00:04:19.458 necessary or appropriate to carry out its role as share insurer. 00:04:19.868 --> 00:04:23.158 Section one seventy six six provides authority to subject 00:04:23.158 --> 00:04:26.478 corporate credit unions to appropriate rules and regulations. 00:04:27.210 --> 00:04:28.080 Proposed rule. 00:04:28.680 --> 00:04:31.850 The Board proposes to remove Appendix A from the Code of Federal 00:04:31.850 --> 00:04:35.500 Regulations and instead issue it as a Letter to Credit Unions. 00:04:36.150 --> 00:04:39.820 The Board believes this will reinforce its intended status as guidance 00:04:39.820 --> 00:04:41.550 rather than a binding regulation. 00:04:42.170 --> 00:04:46.730 The Board seeks comment on all aspects of the proposed rule, including whether any 00:04:46.730 --> 00:04:51.490 references to Appendix A within other N C U A regulations would require revision. 00:04:52.110 --> 00:04:55.990 The Board considered retaining Appendix A in the regulation for two reasons. 00:04:56.390 --> 00:05:00.020 First, its current placement ensures that the agency reviews it at least 00:05:00.020 --> 00:05:03.630 once every three years through the rolling regulatory review process. 00:05:04.130 --> 00:05:08.300 Second, keeping Appendix A in regulation ensures that any future changes are 00:05:08.300 --> 00:05:12.010 published in the Federal Register with an opportunity for public notice and 00:05:12.010 --> 00:05:14.390 comment, unless an exemption applies. 00:05:14.730 --> 00:05:18.670 However, the Board now believes that streamlining the regulations and creating 00:05:18.670 --> 00:05:22.900 clearer separation between binding regulations and nonbinding guidelines 00:05:22.960 --> 00:05:26.540 outweighs the benefits of maintaining Appendix A in the current format. 00:05:27.030 --> 00:05:30.740 The use of Letters to Credit Unions is well established and appropriate 00:05:30.740 --> 00:05:32.200 for communicating guidance. 00:05:32.880 --> 00:05:34.350 Regulatory procedures. 00:05:34.910 --> 00:05:38.410 Under the Providing Accountability Through Transparency Act, proposed 00:05:38.410 --> 00:05:42.480 rules must include an internet address where a plain language summary of no 00:05:42.480 --> 00:05:44.390 more than one hundred words is posted. 00:05:45.010 --> 00:05:48.940 That summary explains that the Board is proposing to remove Appendix A 00:05:48.940 --> 00:05:52.370 because it is guidance rather than regulation and that publishing 00:05:52.370 --> 00:05:55.970 it separately will simplify and streamline the regulatory text. 00:05:56.685 --> 00:05:57.855 Executive Orders. 00:05:58.385 --> 00:06:02.105 The Office of Management and Budget has determined that this proposal is not 00:06:02.105 --> 00:06:06.545 a significant regulatory action under Executive Order twelve eight six six. 00:06:07.165 --> 00:06:11.055 Executive Order thirteen five six three directs agencies to improve 00:06:11.055 --> 00:06:15.585 regulations by modifying, streamlining, expanding, or repealing provisions 00:06:15.585 --> 00:06:17.895 that are outmoded or overly burdensome. 00:06:18.565 --> 00:06:21.195 This proposed rule is consistent with that direction. 00:06:21.575 --> 00:06:25.965 Under Executive Order fourteen one nine two, agencies must offset new 00:06:25.965 --> 00:06:30.475 regulatory costs by eliminating costs associated with prior regulations. 00:06:31.045 --> 00:06:33.415 This rule is expected to be deregulatory. 00:06:34.157 --> 00:06:35.947 Regulatory Flexibility Act. 00:06:36.617 --> 00:06:40.387 The N C U A certifies that the proposed rule will not have a significant 00:06:40.417 --> 00:06:44.147 economic impact on a substantial number of small credit unions. 00:06:44.707 --> 00:06:48.777 Small credit unions are those with under one hundred million dollars in assets. 00:06:49.327 --> 00:06:52.967 Removing Appendix A from regulation and issuing it as guidance does 00:06:52.967 --> 00:06:57.017 not make substantive changes and therefore does not impose new costs. 00:06:57.759 --> 00:06:59.229 Paperwork Reduction Act. 00:06:59.889 --> 00:07:04.229 The proposed rule does not create or revise information collection requirements 00:07:04.519 --> 00:07:08.339 and therefore does not require action under the Paperwork Reduction Act. 00:07:09.048 --> 00:07:12.248 Executive Order thirteen one three two on federalism. 00:07:12.718 --> 00:07:17.048 The proposal removes nonbinding guidelines and does not substantively change the 00:07:17.048 --> 00:07:20.998 requirements applicable to federally insured state chartered credit unions. 00:07:21.538 --> 00:07:25.018 It is not expected to affect the division of responsibility between 00:07:25.018 --> 00:07:26.808 state and federal regulators. 00:07:27.583 --> 00:07:29.463 Assessment of effects on families. 00:07:30.073 --> 00:07:32.933 The N C U A has determined that the proposal would not 00:07:32.933 --> 00:07:34.343 affect family well being. 00:07:34.953 --> 00:07:38.533 Removing nonbinding guidelines from the regulations is expected to 00:07:38.533 --> 00:07:40.793 have only indirect effects, if any. 00:07:41.452 --> 00:07:42.642 Regulation text. 00:07:43.252 --> 00:07:47.592 For the reasons stated in the preamble, the N C U A Board proposes to revise 00:07:47.592 --> 00:07:49.592 part seven forty eight as follows. 00:07:50.022 --> 00:07:51.232 Part seven forty eight. 00:07:51.682 --> 00:07:56.562 Security Program, Suspicious Transactions, Catastrophic Acts, Cyber Incidents, 00:07:56.662 --> 00:07:58.702 and Bank Secrecy Act Compliance. 00:07:59.402 --> 00:08:01.942 The authority citation continues unchanged. 00:08:02.372 --> 00:08:06.092 The table of contents is revised to include section seven forty eight 00:08:06.092 --> 00:08:10.752 point zero, Security Program, section seven forty eight point one, Filing 00:08:10.752 --> 00:08:14.552 of Reports, and section seven forty eight point two, Procedures for 00:08:14.552 --> 00:08:17.072 Monitoring Bank Secrecy Act Compliance. 00:08:17.652 --> 00:08:21.252 Appendix A to part seven forty eight, Guidelines for Safeguarding 00:08:21.252 --> 00:08:23.242 Member Information, is removed. 00:08:23.977 --> 00:08:25.417 This concludes the document. 00:08:25.857 --> 00:08:30.567 If your credit union could use assistance with your exam, reach out to Mark Treichel 00:08:30.567 --> 00:08:32.557 on LinkedIn or at Mark Treichel dot com. 00:08:33.137 --> 00:08:35.797 This is Samantha Shares, and we thank you for listening.