On Oct. 19, NCUA proposed to allow hiring those with some offenses.
NCUA reported board approved issuance of proposed rule on fair hiring in banking.
Proposal would incorporate the NCUA’s Second chance interpretive ruling, policy statement (IRPS 19-1), and the fair hiring in banking act (FHBA) into its regulations.
Also, would amend the statutory prohibitions imposed by Federal CU act S. 205(d).
Allow people convicted of certain minor offenses to work in CU without board approval.
At 9th open meeting 2023, also issued share insurance simplification, see #188852.
Board also received briefing on cybersecurity issues facing credit unions, their vendors.
Fair Hiring in Banking
Section 205(d) prohibits person convicted of certain criminal offenses on dishonesty or breach of trust/entered pretrial diversion or similar from participating in CU affairs.
Such participation prohibited except with prior written consent of NCUA Board,.
Proposal would address, among other topics, individuals and types of offenses covered by Section 205(d) and the NCUA’s procedures for reviewing a consent application.
Would amend NCUA’s policies and procedures governing an application to rescind a prohibition per 205(d), as currently reflected in the Second Chance policy statement.
Consistent with FHBA amendments and comparable FDIC regulations, see #121712.
Also, regulation governing conditions newly chartered/troubled federally insured CUs (FICU) must notify NCUA of proposed change to board, committees, senior executives.
Additionally, conforming changes; would amend 12 CFR 701, federal CU organization, operation, 12 CFR 741, requirements for insurance, 12 CFR 746, appeals procedures.
Further, would amend 12 CFR 748, security program, suspicious transactions, catastrophic acts, cyber incidents, BSA compliance; would add new part 12 CFR 752.
If final rule approved, Second chance interpretive rule, policy statement rescinded.
Cybersecurity
Employees from Office of examination and insurance and Office of the executivedirectorbriefed the Board on trending cybersecurity attack tactics, vendor incidents.
Staff also briefed the Board on the implementation of the NCUA’s Information security examination program and reviewed the results of the Cyber incident reporting rule.
CU's were encouraged to download the Automated Cybersecurity Evaluation Toolbox.
ACET is available at no cost and can be found online on the NCUA’s website.
146 incidents were reported in the first 30 days of the cyber incident reporting rule
More than 60% of reported incidents were due to compromises to 3rd party vendors.
Credit union staff, boards of directors are encouraged to review their third-party vendor relationships, assess and mitigate potential risk associated with products.
Stressed strengthening their institution’s cyber vigilance and preparedness efforts.
Consultation
Comments must be submitted in 60 days from pending publication in federal register.
Nov. 2023 Fed Reg Proposal
On Nov. 7, 2023, NCUA published proposal in federal register, comments Jan. 8, 2024.
Sep. 19, 2024 NCUA Final Rule Approval
On Sep. 19, 2024, NCUA issuedBoard Action Bulletin reporting approval of final rule.
Codified Sec 205(d) of Federal CU act, and incorporated IRPS 19-1 and Fair hiring in banking act into NCUA regs; IRPS 19-1 rescinded with the issuance of final rule.
NCUA Board had generally adopted provisions of final rule as they were proposed.
Notable change from proposal was deleted proposed section on requirement for fidelity bond coverage and the disclosure of de minimis offenses to insured credit unions.
Will publish guidance to clarify other persons who are not institution-affiliated parties.
Final rule becomes effective 30 days following its publication in the federal register.
Sep. 30, 2024 Fed Reg Final Rule
On Sep. 30, 2024, NCUA published final rule in federal register, effective Oct. 30, 2024