ARLINGTON, Va. — The National Association of State Credit Union Supervisors (NASCUS) has submitted three comment letters to NCUA regarding the agency’s ongoing Deregulation Project.
Collectively, NASCUS said the comment letters address the NCUA’s proposed amendments to regulations governing corporate credit unions (Part 704), supervisory committee audits and verifications (Part 715), and the safeguarding of member information and response programs for unauthorized access to member information (Part 748).
In each letter, NASCUS said it supports reducing outdated, duplicative, and overly prescriptive requirements, and encourages the NCUA to ensure that regulatory relief is paired with clear expectations and durable supervisory frameworks.
Recommendations Offered
NASCUS has offered several recommendations in its three letters, including:
NASCUS appreciates the NCUA’s commitment to reviewing its regulations with an eye toward modernization and regulatory relief. However, NASCUS provided additional recommendations for consideration in the individual letters as outlined below.
NASCUS Comments on NCUA Rules & Regulations Part 704: Corporate Credit Unions
In its comments on Part 704, NASCUS said it has encouraged consideration of additional steps to revisit certain constraints placed on corporate credit unions in 2009, which would further reduce regulatory burden and enhance corporate credit union utility to natural person credit unions without exposing the Share Insurance Fund (SIF) to additional risk.
NASCUS Comments on NCUA Rules & Regulations Part 715—Supervisory Committee Audits & Verifications
Regarding Part 715, NASCUS said it expressed the need to reinforce accurate recordkeeping while providing additional regulatory relief through consolidation of federal insurance rules, clarifying the role of Part 715 Appendix A as rule or guidance, harmonizing the proposed changes with Parts 704, 748, and other rules under review, and modernizing the rule’s “Passbook” terminology.
In its comments on Part 748, NASCUS said it supported the distinction between regulation and guidance but stressed that regulatory relief should not dilute core cybersecurity expectations, create additional challenges to access guidance, or inhibit transparency and vetting of such guidance.
“If the NCUA moves forward with the proposal, NASCUS urges the NCUA to ensure that any future guidance is developed transparently, with stakeholder input, and preserves the essential components currently contained in Appendices A and B—risk assessment, written information security programs, incident response protocols, vendor management, board oversight, response program development, and appropriate notifications—which are foundational to effective cybersecurity governance,” the association said.
