NCUA: Derivatives Proposal, Corporate CU Rule, Cybersecurity

Logo for the National Credit Union Administration

The National Credit Union Administration (NCUA) Board has issued a proposed rule that would amend the NCUA’s derivatives rule in Subpart B to Part 703.

The proposed rule: 

  • Intends to modernize the NCUA’s current derivatives rule and make it more principles-based.
  • Retains key safety and soundness components, while providing more flexibility for federal credit unions (FCUs) to manage their interest rate risk (IRR) through the use of derivatives.
  • Would streamline the regulation and expand credit unions’ authority to purchase and use derivatives for the purpose of managing IRR.
  • Reorganizes rule content related to loan pipeline management into one section, which will aid in readability and clarity.

The NCUA will accept public comments on the proposal for 60 days following publication in the Federal Register.
Final Rule: Corporate CUs (Part 704)
The NCUA Board adopted a final rule that amends the NCUA’s corporate credit union regulation. The final rule updates, clarifies, and simplifies several provisions of Part 704, including:

  • Permitting a corporate credit union to make a minimal investment in a CUSO without the CUSO being classified a corporate CUSO under the NCUA’s rules.
  • Expanding the categories of senior staff positions at member credit unions eligible to serve on a corporate credit union’s board.
  • Amending the minimum experience and independence requirement for a corporate credit union’s enterprise risk management expert.

The final rule will become effective 30 days after publication in the Federal Register.
Cybersecurity Consideration for CU Boards During COVID-19
The NCUA Board also received a briefing on cybersecurity considerations for credit union boards of directors during the pandemic. The briefing addressed various types of cyber-attacks, including:

  • Phishing and malspam.
  • Credential stuffing.
  • Ransomware.
  • RDP (remote desktop protocol).
  • Targeting.
  • Unintentional DDoS attacks.

The briefing also suggested a number of questions for credit union boards to consider, including:

  • Business continuity.
  • Cyber hygiene.
  • Incident/breach management.
  • Digital strategy.

Following the briefing, Board Chairman Rodney Hood reiterated his call for Congress to provide the NCUA with vendor authority to allow the agency to better supervise third-party cybersecurity risk. The chairman made clear that he believes such authority should be provided during post-pandemic recovery. Board Members Todd Harper and J. Mark McWatters echoed the chairman’s call for vendor authority.

Pin It