Newsroom
August 26, 2015
NCUA institutes encryption protocols for data provided to examiners
NCUA has instituted data encryption protocols as suggested by its Office of Inspector General this June following review of an examiner's loss of a thumb drive containing credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
Share This
Related Resources
Add to Calendar 2024-04-15 09:00:00 2024-04-15 09:00:00 Mergers and Acquisitions: Unifying Two Different Executive Total Compensation and Benefits Programs Listen On: Key Takeaways: [03:50] With the merger of a smaller credit union into a larger one you are really only dealing with integrating staff into the larger credit union. [05:53] When working with a merger of equals we start with a deep dive into the executive compensation and benefits of each organization. [09:09] If your current executive benefits provider doesn’t conduct regular plan evaluations, consider having a plan audit anyway. [13:46] Don’t overpay for these things if you don’t have to. When you have more options available that means the cost is more appropriate. [17:11] It is in a unified organization’s best interest to do tier timelines where we look at your top executives who are critical to the unified organization’s success today and then slowly add in the next levels. Web NAFCU digital@nafcu.org America/New_York public
Mergers and Acquisitions: Unifying Two Different Executive Total Compensation and Benefits Programs
preferred partner
Gallagher
Podcast
Add to Calendar 2024-04-11 14:00:00 2024-04-11 14:00:00 Regulation E: Impacts Across Your Institution Dive into regulatory excellence with, Regulation E: Impacts Across Your Institution. This webinar is tailored to empower you with the knowledge and strategies necessary to effectively implement the Electronic Funds Transfer Act (EFTA) and Regulation E within your operations. You’ll explore how to apply Regulation E across various business areas to ensure compliance obligations are met with precision. Key Takeaways Learn the basics of EFTA and Regulation E Understand how to apply Regulation E at your organization to detect processes and transactions that require Regulation E compliance Discover how Regulation E may apply to a large breath of areas in your institutions and functions for which you may rely on third-party vendors Review recent enforcement activity for non-compliance with EFTA and Regulation E Register Now $295 Members | $395 Nonmembers(Additional $50 for USB)One registration gives your entire team access to the live webinar and on-demand recording until April 11, 2025Go to the Online Training Center to access the webinar after purchase » Who Should Attend NCCOs NCRMs Compliance and risk titles Education Credits NCCOs will receive 1.0 CEUs for participating in this webinar NCRMs will recieve 1.0 CEUs for participating in this webinar Web NAFCU digital@nafcu.org America/New_York public
Regulation E: Impacts Across Your Institution
Credits: NCCO, NCRM
Webinar
Refining the Consumer Loan Experience
Credit Unions, Education, Consumer Lending, Growth & Retention, Current Affairs, Marketing
preferred partner
Securian Financial
Blog Post
Knowledge breeds empathy: New research puts credit union lenders in the minds of today’s borrower
Planning, Auto Loans, Research
preferred partner
TruStage
Blog Post
Get daily updates.
Subscribe to NAFCU today.