Removing Barriers Blog

NCUA Board Issues Derivates Proposal, Adopts Corporate CU Final Rule

Board Briefing – Cybersecurity Considerations for Boards of Directors During COVID-19

The Board received a briefing on cybersecurity considerations for boards of directors during the pandemic. The briefing addressed various types of cyber-attacks:

  • Phishing and Malspam
  • Credential Stuffing
  • Ransomware
  • RDP Targeting
  • Unintentional DDoS Attacks

The briefing also suggested a number of questions for boards to consider:

  • Business Continuity
  • Cyber Hygiene
  • Incident/Breach Management
  • Digital Strategy

Following the briefing, Chairman Hood reiterated his call for Congress to provide the NCUA with vendor authority to allow the agency to better supervise third-party cyber security risk. The Chairman made clear that he believes such authority should be provided post-pandemic recovery. Board Members Harper and McWatters echoed the Chairman’s call for vendor authority.

Proposed Rule – Derivatives (Part 703)

The Board issued a proposal to amend the NCUA’s derivatives rule in Subpart B to part 703. The proposal is intended to modernize the derivatives rule and make it more principles based. Further, the proposal would retain key safety and soundness components, while providing more flexibility for FCUs to manage their interest rate risk through the use of derivatives. The proposed changes are intended to streamline the regulation and expand credit unions’ authority to purchase and use derivatives for the purpose of managing interest rate risk.

The NCUA will accept public comments on the proposal for 60 days following publication in the Federal Register.

Final Rule – Corporate Credit Unions (Part 704)

The Board adopted a final rule that amends the NCUA’s corporate credit union regulation. The final rule updates, clarifies, and simplifies several provisions of the corporate credit union regulation, including:

  • Permitting a corporate credit union to make a minimal investment in a CUSO without the CUSO being classified as a corporate CUSO under the NCUA’s rules;
  • Expanding the categories of senior staff positions at member credit unions eligible to serve on a corporate credit union’s board; and
  • Amending the minimum experience and independence requirement for a corporate credit union’s enterprise risk management expert.

CUNA filed a comment letter largely in support of the rulemaking, as we believe it will clarify and simplify several provisions of part 704. However, one proposed change that we did not support, which was not adopted in the final rule, would have transferred the list of permissible activities for corporate CUSOs from the NCUA’s website to a new appendix to part 704.

The final rule will become effective 30 days after publication in the Federal Register