Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

News Now: December 18, 2014

NCUA issues statement on info breach involving FCU exam

Washington
ALEXANDRIA, Va. (12/18/14)--The National Credit Union Administration issued a statement Wednesday saying the information breach associated with the federal examination of a California credit union is an "unfortunate, but isolated, incident," resulting from a failure to follow agency policies on securing sensitive data that have been in place since 2008.

The agency will, however, reinforce training on protecting sensitive information and review data security policies and procedures.

NCUA Executive Director Mark Treichel said in the agency statement, "The security of credit union members' personally identifiable information is a top priority for NCUA. The agency takes its responsibilities in this area very seriously and expects credit unions to do likewise. NCUA is also committed to ensuring that the data shared in exams is protected at all times."

The NCUA Tuesday confirmed to News Now the loss of a thumb drive during a federal examination of $12 million-asset Palm Springs FCU. Treichel reiterated that the thumb drive did not include passwords or PINs and that the agency has received no indication of any unauthorized access to members' accounts or attempts to gain improper access.

The executive director said that since 2008 the agency's procedures require NCUA examiners "at all times to properly secure and control electronic devices containing sensitive or confidential information." He added that the agency has conducted more than 28,000 examinations since these security policies have been in effect "without encountering a notable problem."

The NCUA said it will use this event "as an opportunity to learn." 

"We are reinforcing training on protecting sensitive information, we are reviewing our policies and procedures in this area, and we are moving as quickly as possible to consider and adopt additional safeguards to protect electronic data," Treichel added. Those actions include:
  • Creating a team to review the circumstances surrounding this incident;
  • Directing the already-established review team responsible for NCUA's Guidelines for Safeguarding Member Information (Part 748 of regulations) to study whether to require federally insured credit unions to encrypt electronic member information; and
  • Evaluating the development of a system for sharing information between the agency and federally insured credit unions through a secure portal, rather than using hardware such as a thumb drive.
The NCUA requires all staff to complete annual security awareness training, which includes training on the protection of personally identifiable information. That was last done in November. Further, field staff has been reminded of their responsibilities for maintaining information security, and field directors will review certain security policies at their next group meetings.

The agency plans additional security training in 2015.

McWatters: NCUA should take 'unambiguous' responsibility for info breach

Washington
ALEXANDRIA, Va. (12/18/14)--National Credit Union Administration board member J. Mark McWatters called on his agency Wednesday to "unambiguously" take responsibility for a lost flash drive of sensitive data that went missing during the federal examination of a California credit union. McWatters made the comments in an email sent to the Credit Union National Association.

The NCUA Tuesday confirmed a data breach caused by the loss of that flash drive containing member information during an examination of Palm Springs FCU.

After the NCUA released an official comment on the situation Wednesday from its executive director, Mark Treichel (see related story: NCUA issues statement on info breach involving FCU exam), McWatters contacted CUNA to make the following observations he said reflect his understanding of the facts as presented by NCUA staff.

McWatters said, "An officer of the Palm Springs Credit Union gave an NCUA examiner an unencrypted flash drive containing sensitive and confidential information. While in the possession of the NCUA examiner the flash drive went missing and has not been recovered.

"The credit union sent a letter to its members notifying them of the data breach. The letter stated that the breach was caused by 'auditors' or during an audit process. NCUA staff reviewed the letter before it was sent to the credit union members.

"NCUA should have unambiguously taken responsibility for the breach. The credit union was not at fault and the credit union's auditors were not at fault. NCUA was at fault. Any attempt to shift culpability to unnamed auditors was ill advised. NCUA performs an examination and supervision function and not an audit function.

"The resolution of this matter and the payment of any amounts in settlement of any claims to the credit union, it's members or other persons should be addressed in an open and fully transparent meeting of the NCUA board.

"In my view, the NCUA (Office of Inspector General)should consider investigating this matter."


When contacted by CUNA for comment, NCUA Chief of Staff Steve Bosack offered the following information about the agency's notification process:

"NCUA follows the data breach guidance from the U.S. Office of Management and Budget (OMB).  According to OMB's Recommendations for Identity Theft Related Data Breach Notification: 'Whenever possible, to avoid creating confusion and anxiety, the actual notice should come from the entity which the affected individuals are reasonably likely to perceive as the entity with which they have a relationship  (i.e. their credit union).

"'(P)ublic announcement of the breach could itself cause criminals engaged in fraud under the guise of providing legitimate assistance, to use various techniques, including email or the telephone, to deceive individuals affected by the breach in disclosing their credit card numbers, bank account information, SSNs, passwords, or other sensitive information…'

"When determining the level of risk of identity theft, 'the agency should consider not simply the data that was compromised, but all of the circumstances of the data loss, including...the means by which the loss occurred, including whether the incident might be the result of a criminal act or is likely to result in criminal activity...and the evidence that the compromised information is actually being used to commit identity theft...for example, as a general matter, the risk of identity theft is greater if the covered information was stolen by a thief who was targeting the data (such as a computer hacker) than if the information was inadvertently left unprotected in a public location, such as a brief case in a lobby.'

"OMB's supplemental guidance to agencies, Safe Guarding Against and Responding to the Breach of Personally Identifiable Information, cites: 'Chilling Effects of Notices.  A number of experts have raised concerns about unnecessary notification and the chilling effect this may have on the public. In addition, agencies should consider the costs to individuals and businesses of responding to notices where the risk of harm may be low.  Agencies should exercise care to evaluate the benefit of notifying the public of low-impact incidents.'

"A lost thumb drive at a 1,600-member credit union, with no evidence of theft or misuse, would qualify as a 'low-impact incident.' In fact, this is the only incident we know of among tens of thousands of NCUA exams conducted since the OMB guidance was established in 2006."

Other Resources

Consumers trust CUs over merchants for data security: Bizrate

CU System
LOS ANGELES (12/18/14)--Online shoppers trust their credit unions more than merchants when it comes to data security, according to a new survey.

In a poll of 62,000 online shoppers conducted by Bizrate Insights, when asked which company they most trust with their payment and personal information, 72% of respondents listed their credit union or bank.
 
Click to view larger image (CUNA Graphic)
The second most-trusted entity was PayPal, which was named by 48.9% of respondents, followed by Amazon, which garnered 45.4% of responses. Apple was fourth, with 21% of responses.
 
Overall, three of four (76%) online buyers are dissatisfied with the strength of credit card and personal information security among retailers. Across all generations and both genders, a shopper's own financial institution is trusted the most with credit card data and personally identifiable information.
 
The Credit Union National Association has stepped up its advocacy efforts to protect credit unions and other financial institutions, as well as consumers' data, from ever-increasing data breaches. Resources recently made available include a Stop the Data Breaches website , a video providing an overview of retailer data breaches and increased communications to legislators and other stakeholders pressing for stricter merchant security standards.

NCUA sues U.S. Bank, BofA alleging failure in RMBS trustee duties, seeks damages

Washington
ALEXANDRIA, Va. (12/18/14)--A lawsuit has been filed by the National Credit Union Administration alleging two banks failed to fulfill their duties as trustees for 99 residential mortgage-backed securities trusts. The agency announced the lawsuit, which has been filed against U.S. Bank National Association and Bank of America National Association, Wednesday.

"NCUA will diligently continue to pursue legal remedies against parties that contributed to losses suffered by the credit union system," said NCUA Chair Debbie Matz. "U.S. Bank and Bank of America had obligations under federal and state law, and they failed to live up to those obligations. This caused significant harm to trust beneficiaries, including the corporate credit unions and ultimately consumer credit unions. Our legal efforts are aimed at promoting accountability within the financial system."

Credit Union National Association General Counsel Eric Richard commended the NCUA for continuing actions to recover lost assets.

"We appreciate NCUA's continued pursuit of recoveries in court on the assets of the conserved corporates," he said. "Any recovered funds should be credited to the estates of the failed corporates. We hope to someday see a return of capital to the credit unions that had capitalized the corporates."

The NCUA's complaint states the value of the securities depended on the quality of the pooled mortgage loans the trusts contained, and the banks, as trustees, had contractual and statutory duties to protect the interests of certificate holders.

The complaint states that, despite knowing about defects in the mortgage loans, U.S. Bank and Bank of America failed to provide required notices to certificate holders and other parties and failed to take timely action to force the repurchase, substitution or cure of defective mortgage loans or otherwise preserve trust remedies.

Five corporate credit unions--U.S Central, WesCorp, Members United, Southwest and Constitution--purchased roughly $5.8 billion in residential mortgage-backed securities issued from the trusts between 2004 and 2007. Those securities lost value, contributing to the failure of all five.

According to the NCUA, the lawsuit seeks damages to be determined at trial.

Other Resources

IOLTA bill a 'big win' for CU movement, CUs note

Washington
WASHINGTON (12/18/14)--The passage of the Credit Union Share Insurance Fund Parity Act has been met with optimism by credit unions that believe the law will open up new relationship possibilities.

The bill, passed by the Senate last week, would allow the National Credit Union Administration to extend share insurance coverage to trust accounts such as Interest on Lawyer Trust Accounts (IOLTAs) opened and managed by credit union members. It now awaits President Barack Obama's signature, and the Credit Union National Association has sent a letter urging him to sign it into law.

According to an article from the California and Nevada Credit Union Leagues, passage of the bill "is big news for federally insured credit unions in California and Nevada that serve attorney firms and other businesses, and could open the door to deepening current relationships and attracting new prospects."

Robert Reck, first vice president and business services department manager, North Island CU, San Diego, with $1.1 billion in assets, said there are "seven or eight" attorney firms his credit union will reach out to right away if the bill is signed by Obama.

Some firms chose not to establish a business relationship with North Island because the credit union couldn't offer IOLTAs, Reck said, due to the "accounting headache" created by the legal requirement of paying interest to the State of California on these accounts. By offering IOLTAs, which attorneys are required to use, new relationships can be formed.

"We offer a complete line of business products, but IOLTAs have been the only exception," Reck said. "I always hated saying, 'You need to go somewhere else for that.' I'll never have to say that again if this bill becomes law. We'd be able to offer a complete business relationship."

Greg Badovinac, assistant vice president of compliance and government relations, Western FCU, Hawthorne, Calif., said the passage of the bills makes it a "good day for credit unions."

The legislation allows the $1.9 billion-asset credit union to "serve members, including business owners, who desire to keep all their business checking accounts in one financial institution," Badovinac said, adding that Western FCU plans to offer those accounts to members as soon as they are permitted to do so by the NCUA.

Other Resources

Final House race ends, league hosts new Fla. legislator

Washington
WASHINGTON (12/18/14)--Martha McSally has defeated credit union-supported Rep. Ron Barber (D-Ariz.) in the battle to represent Arizona's 2nd Congressional District. The Associated Press called the race Wednesday afternoon, ending the final outstanding congressional race from the Nov. 4 election.

McSally won by 167 votes of roughly 220,000 cast. The race was the closest in Arizona history, triggering the state's automatic recount since the race was within a 0.1% margin. The recount added six votes to McSally's tally.

Despite Barber's defeat, the Credit Union National Association had a successful election season with 375 of the 396 CUNA-supported candidates declaring victory--a 95% success rate. This led CUNA President/CEO Jim Nussle to declare a "credit union-friendly majority" has been elected to Congress.

CUNA and the Credit Union Legislative Action Council spent roughly $6 million this election season, including more than $3 million in direct contributions.

CUNA's staff and state leagues have been meeting with members of the upcoming 114th Congress, particularly freshman legislators.
Click to view larger image Jennifer Martin, director of governmental affairs, League of Southeastern Credit Unions (LSCU), left; Andy Gonzalez, LSCU grassroots and political action coordinator; Lisa Brown, president/CEO, Tallahassee-Leon FCU; David Southall, president/CEO, Innovations FCU; U.S. Rep.-elect Gwen Graham (D-Fla.); Jim Warren, president/CEO, Tyndall FCU; Jared Ross, LSCU senior vice president of association services; and Jordan Burroughs, LSCU governmental affairs specialist. (League of Southeastern Credit Unions Photo)

For example, the League of Southeastern Credit Unions hosted a lunch with one such legislator--Rep.-elect Gwen Graham (D-Fla.)--Tuesday. According to the league, the lunch was a way for credit unions to get to know Graham and speak about the major issues facing credit unions.

This includes the credit union tax status, member business lending and data security, as well as ways credit unions save their members money.

"I look for opportunities to work together on the issues. I care about who has good ideas and what is best for Florida," Graham told the league ( eSignal Daily Dec. 17).

The league also reported that Graham heard about a lack of access to capital for small businesses during a jobs tour last week, and was interested in learning more about Rep. Jeff Miller's (R-Fla.) bill to allow credit unions to offer veterans member business loans that do not count against the cap.

"We're all working together as a team to benefit the people of the district. lawmakers, businesses and the people of the district," she said.

Other Resources

First 2015 NCUA low-income CU grant round opens Feb. 2

Washington
ALEXANDRIA, Va. (12/18/14)--Applications for the first round of 2015 technical assistance grants from the National Credit Union Administration will open Feb. 2. The grants are designed for low-income credit unions to pay for training for staff and volunteers or for hiring interns.

Details for the two grant categories for the first round are:
  • Staff or volunteer training: $3,000 will be available for selected credit unions to pay for in-person or web-based training including, but not limited to, compliance, lending and collections, and business operations. A bid or cost estimate is not required to apply. NCUA is allocating $150,000 for this initiative; and

  • Student internships: Up to $4,000 will be available to each credit union to hire students enrolled in high school or college. Credit unions receiving grants must select interns by June 15, with internships completed by Aug. 14. NCUA is allocating more than $200,000 for this initiative.
According to the NCUA, it will provide at least $360,000 in grants for more than 100 credit unions during the first round of 2015. The intern and training grants are considered separate initiatives by the NCUA, and interested credit unions can apply for both.

The funds come from the Community Development Revolving Loan Fund (CDRLF), which was created by Congress to support low-income credit unions. A funding bill containing $2 million for the CDRLF was approved by the Senate last weekend.

The fund was originally scheduled to receive $1.071 million, but the Credit Union National Association, among others, advocated for the higher amount that was eventually incorporated into the bill.

The grant program is administered by the NCUA's Office of Small Credit Union Initiatives. Credit unions can apply online between Feb. 2 and March 3.

Other Resources

U.K. regulators approve CU for Church of England

CU System
LONDON (12/18/14)--U.K. financial regulators have given formal authorization for the Church of England to form a credit union.
 
"Fair returns to savers, fair interest rates on loans and the aspiration to be a flagship credit union are among the aims of the Churches' Mutual Credit Union (CMCU)," the Church of England announced on its website this week.
 
CMCU has been formed to serve ordained ministers, licensed lay ministers, elders, employees and trustees of the Church of England, the Methodist Church of Great Britain, the Church of Scotland, the Scottish Episcopal Church and the Church in Wales as well as their charities.

Plans call for the cooperative financial institution to eventually serve those who worship at the churches; however that expansion will require further regulator approval.
 
"CMCU will help many, even in its first year of operation and, in due course, it should become a significant financial resource to the church and individuals throughout England, Wales and Scotland. CMCU will enable a virtuous re-cycling of money within the church community, through a combined portfolio of savings and loan products," said Canon Anthony MacRow-Wood, CMCU president.
 
CMCU plans to begin to offer savings and loan services, including vehicle loans, to those eligible for membership in February.

Other Resources

Shop for Miracles day nets $450K for CUs for Kids

CU System
WASHINGTON (12/18/14)--It's hard to put a price tag on a miracle, but nearly a half-million dollars raised in one day might be getting close.

Shop for Miracles, a one-day event to raise funds for Credit Unions for Kids ( CU4Kids ), amassed more than $450,000 thanks to the widespread participation from credit unions nationwide.

The fundraiser was held on International Credit Union (ICU) Day in October.

Through the daylong event, which took place in coordination with the Credit Union National Association and the World Council of Credit Unions, credit unions pledged 25 cents, or a different predetermined amount, to their local Children's Miracle Network (CMN) Hospital for each transaction made by members with their credit union-issued debit or credit cards.

"We far exceeded our expectations for the inaugural year of this program at a national level; we had over 100 credit unions from 33 states participate," said Joe Dearborn, senior director of CU4Kids with CMN Hospitals. "Included in the $450,000 projection is over $100,000 from CO-OP Financial Service's Miracle Match program, which provides matching dollars for approved credit union applicants."

In addition to raising funds for CMN Hospitals, the event also led to stronger credit- and debit-card activity during the day for credit unions.

Desert Schools FCU, Phoenix, with $3.8 billion in assets, reported a 33% increase in transaction volume on Shop for Miracles day.

"We promoted Shop for Miracles with an online banking banner, a social media post (and print materials) for our branches to hand out to members in advance of the actual day," said Ron Amstutz, executive vice president at Desert Schools FCU. "Our members responded. They understand how important giving back to Children's Miracle Network Hospitals is, and they embrace this fundraiser enthusiastically."

The uptick in activity was not unique to Desert Schools FCU either--of the 54 credit unions to respond to a survey about the event, only 14% said transaction volume had not increased.

Other highlights from the event included Florida Customs FCU, Tampa, Fla., with $9.4 million in assets--a credit union that doesn't issue credit cards, given its size--donating $1 for every debit card transaction made by its members on the day.

"Even though we are a small credit union, we know every dollar makes a difference, and we are proud to support our local CMN Hospital," said Leianne E. Harden, Florida Customs FCU president/CEO.

The largest donation came from SchoolsFirst FCU, Santa Ana, Calif., raising $60,000 on the day.  

"Both ICU Day and CU4Kids are integral ways credit unions 'Unite for Good' to create awareness about our industry," said Jill Tomalin, deputy chief of staff for the Credit Union National Association. 

Efforts to support Credit Unions for Kids march on, meanwhile.

Credit unions and their members can contribute to the cause through the Credit Unions for Kids' Holiday Icon Campaign, which runs through Dec. 31.

Through the campaign, credit unions can order paper icons in fun, holiday-themed shapes at no charge. Then, credit unions can encourage members to donate dollars in exchange for writing their names on icons to display at their branches.

Other Resources

Kenyon named chair of AACUL, Lyons steps down from board

CU System
WASHINGTON (12/18/14)--Montana Credit Union Network President/CEO Tracie Kenyon is the new chair of the American Association of Credit Union Leagues (AACUL).
 
Kenyon, who most recently was AACUL's first vice chair, is succeeding Kentucky Credit Union League President/CEO Wendell Lyons, who stepped down from the position this week. 
 
Kenyon has led the Montana league for 13 years and has been on the AACUL board since 2010, serving as secretary, treasurer and second vice chair.
 
"Tracie Kenyon has a long and deep understanding of the needs of credit unions, both in her state of Montana and across the country--the result of her work on the national level over these many years," said Jim Nussle, president/CEO, Credit Union National Association. "In this new role as AACUL chair, I know she will call on this experience to best serve credit unions and leagues, as they strive to best serve credit union members. I look forward to working with Tracie in the coming months, reflecting the continued close partnership between CUNA and AACUL."
 
He added, "My thanks also to Wendell Lyons, the former chair, for his long dedication and continued service to the leagues and to credit unions nationwide."
 
While serving as first vice chair, Kenyon simultaneously served as chair of the Credit Union Legislative Action Council during its record-setting 2014 election cycle during which CULAC raised more than $4 million and won more than 90% of the races in which the organization contributed.
 
"On behalf of the entire board, I want share my appreciation for the leadership that Wendell has provided over the past year, and we are pleased that he will continue to be an active member of AACUL," Kenyon said. 
 
Other members of the board will transition to the following positions:
  • First vice chair: Mark Cummins, president/CEO, Minnesota Credit Union Network;
  • Second vice chair: Scott Simpson, president/CEO, Utah Credit Union Association; and
  • Treasurer: Diana Dykstra, president/CEO, California and Nevada Credit Union Leagues.
Ex officio members are AACUL Executive Director Susan Newton and immediate past chair Bill Mellin, president/CEO, New York Credit Union Association.
 
The secretary position will be filled by appointment.

Other Resources

RSS





print
News Now LiveWire
Strong biz lending leads 3Q loan growth at Minn. #creditunions http://t.co/DKYjyj6iC3
51 minutes ago
.@FAACreditUnion named a top Okla workplace by @TheOklahoman via @Cornerstone_CUL http://t.co/qQP1zpxJrO
2 hours ago
NY @NYGovCuomo signs historic FOM law @NYCUAtweets http://t.co/NMTlgkpYqs
2 hours ago
Shop for Miracles day nets $450K for CUs for Kids #NewsNow #System http://t.co/N809BLkzGP
3 hours ago
2 Calif. #creditunions on why the #IOLTA reg relief bill is important. See #NewsNow http://t.co/TvBTGR3qed
3 hours ago