June 02, 2020

Remittances, FFIEC guidance on NAFCU committee agenda

cyberNAFCU's Cybersecurity and Payments Committee is set to meet today to discuss the latest developments affecting the credit union industry, including new regulations and guidance from regulators. As credit unions work toward restoring normal operations, the committee will also discuss lessons learned from implementing teleworking policies and distributing economic impact payments.

Also on the agenda:

CFPB's Remittance Transfer Rule

Last month, the CFPB issued a final rule increasing the safe harbor threshold under its remittance rule from 100 transfers in the previous and current calendar year to 500 transfers.

NAFCU continuously worked with the bureau to obtain relief for credit unions under the rule and, although the association had advocated for a larger threshold increase, Director of Regulatory Affairs Ann Kossachev called the increase a step in the right direction.

The committee will discuss the extent credit unions provide remittance transfers above the threshold and how the new framework for providing estimates could impact operations.

Federal Financial Institutions Examination Council's (FFIEC) Statement on Risk Management for Cloud Computing

The FFIEC recently released a statement clarifying how risk when using cloud computing services can be managed, suggesting that financial institutions may choose to leverage managed security services. While the statement does not contain new regulatory expectations, it highlighted that management should not assume that effective security and resilience controls exist when technology systems are operating in a cloud computing environment.

During the meeting, NAFCU staff will ask how the statement helped inform vendor due diligence requirements and explore elements of the statement that may be unclear.

Economic Impact Payment (EIPs)

Although most EIPs, allocated under the CAREs Act, have been distributed by the Treasury Department, NAFCU staff will outline the potential for a second round of stimulus payments in future legislation and technical issues related to the screening of EIPs.

Additionally, the committee will discuss the NCUA's recent Letter to Credit Unions on examination procedures and the agency's Risk Alert that provided cybersecurity best practices for credit unions with employees working remotely due to the coronavirus pandemic.

NAFCU President and CEO Dan Berger previously called on the NCUA provide additional examination flexibility and make other regulatory adjustments to ensure credit unions can focus on helping members during the pandemic.

The committee will next meet Sept. 1.