Credit union association asks NCUA to evaluate data security in its exam process

The National Association of Federally Insured Credit Unions (NAFCU) is urging the National Credit Union Administration (NCUA) to evaluate data security measures in its review of the electronic data collection during credit union examinations.

Currently, the NCUA is undergoing a review of loan, deposit and investment information gathered electronically during exams. The review is part of an effort to update and standardize data formats. The agency is looking to identify challenges that could arise from a new standardized data format.

NAFCU said a big concern throughout this process should be data security. In a letter to the NCUA, NAFCU Regulatory Affairs Counsel Ann Kossachev stressed the need for NCUA to use proper encryption and storage procedures to secure the data.

NAFCU is requesting that NCUA provide specific details on the data security standards that providers must meet. It would also like to see NCUA conduct a cost-benefit analysis of all potential data fields. Further, NAFCU asked agency officials to include NAFCU member companies in any stakeholder calls or workgroups that emerge from this initiative.

Kossachev also outlined several recommendations for NCUA. Among them, NAFCU said credit unions should be given a flexible timeline to work with their third-party vendors to provide the requested data to examiners. NAFCU also asked for the creation of a secure portal for credit unions to upload the necessary documents. In addition, NAFCU would like to see AIRES Exam Questionnaires added to the portal so credit unions can see examiner comments in one location.

Additionally, NAFCU is requesting that NCUA review the scope of data collected by other federal banking regulators, as well as their methods of data collection and storage.