CUNA urges NCUA to reduce credit unions regulatory burden

(August 4, 2014) — The Credit Union National Association (CUNA) submitted comments to the National Credit Union Administration (NCUA) regarding the Office of General Counsel’s list of regulations scheduled for review this year.  Additionally, CUNA pushed for reducing the creeping complexity of credit union regulatory burden by: 1) urging NCUA to go beyond clarifications and reduce regulatory requirements substantially to provide meaningful regulatory relief for credit unions; and 2) urging NCUA to add new or expand existing rules only if required to do so by law, or doing so is clearly warranted based on a compelling safety and soundness reason that can be satisfactorily addressed in no other manner.

See full letter below:

August 4, 2014

Office of the General Counsel
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314

Re:  2014 Regulatory Review

To Whom It May Concern:

The Credit Union National Association (CUNA) appreciates the opportunity to submit comments regarding the Office of General Counsel’s list of regulations scheduled for review this year.  By way of background, CUNA is the country’s largest credit union advocacy organization, representing our nation’s state and federal credit unions, which serve over 99 million members.

We appreciate NCUA’s willingness to accept public input on the regulations that are scheduled for review this year.  We support the agency’s policy of continually reviewing its regulations to determine whether they should be updated, clarified, simplified, or eliminated.  Each year, NCUA examines one-third of its regulations as part of this annual review process.

As NCUA is aware, the cumulative regulatory burden on credit unions is at an all-time high, due not only to NCUA’s activities but also resulting from the activities of other agencies, including new regulations pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act.

In light of the imperative need to reduce credit unions’ regulatory obligations, we urge NCUA to add new or expand existing rules only if required to do so by law, or doing so is clearly warranted based on a compelling safety and soundness reason that can be satisfactorily addressed in no other manner.

We also encourage the agency to consider what is categorized as regulatory relief.  NCUA and other agencies often label updates and clarifications as regulatory relief.  However, to a credit union, real regulatory relief is only achieved when less time and money are required to fulfill regulatory requirements.  We urge NCUA to go beyond clarifications and reduce regulatory requirements substantially to provide meaningful regulatory relief for credit unions.

CUNA will be sending the agency more ideas and recommendations for credit union regulatory reductions in the coming weeks.  In the meantime, our comments in this letter focus on Part 748, Security Program, Report of Suspected Crimes, Suspicious Transactions, Catastrophic Acts, and Bank Secrecy Act Compliance, as well as the process for identifying rules for review and soliciting comments.  We will also provide input on NCUA’s Economic Growth and Regulatory Paperwork Reduction Act request for comments by the September 2 deadline.

Security Program, Report of Suspected Crimes, Suspicious Transactions, Catastrophic Acts and Bank Secrecy Act Compliance (Part 748)

Bank Secrecy Act

Compliance with Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements remains a substantial regulatory issue for a number of credit unions and other financial institutions.  Credit unions are concerned with existing and new regulatory burdens in these areas.

FinCEN’s recently proposed customer due diligence rule is a prime example of a problematic regulation for credit unions.  While we support the objective of improving the tracking of money laundering and terrorist financing, we are concerned with the seemingly endless changes, including the proposed expansion of “beneficial ownership” requirements.  CUNA encourages NCUA to work with FinCEN and other regulators to exempt credit unions from or improve the proposed requirements.

Credit unions are also interested in greater regulatory and examination consistency among different regulators, including NCUA, state regulators, and FinCEN.  We continue to hear of instances in which different regulators and examiners interpret BSA requirements and guidance differently, which makes it difficult for credit unions to satisfy examiners and plan accordingly throughout their organizations.  Greater consistency would also be helpful with the interpretation of requirements regarding BSA reports.  In general, the BSA portion of the examination for credit unions should be based on the types of activities the credit union actually engages in and focus on its risks.  Such exams should not be “one-size-fits-all” as some credit unions have indicated is the case.  Further, we support efforts by NCUA and other regulators to work together on additional guidance on BSA compliance and to minimize the overlap of regulations among different agencies.

NCUA should also work with regulators to support meaningful legislative and regulatory changes to minimize the costs and problems financial institutions encounter in meeting BSA/AML requirements.  Increasing reporting thresholds would help reduce some of these compliance costs.  Investigating and filing Suspicious Activity Reports (SAR) and Currency Transaction Reports (CTR) remain very costly, as doing so requires constant vigilance and reporting by credit union employees.  We support increasing the CTR threshold from the $10,000 level established decades ago to $20,000 and at least doubling other key thresholds, such as the $3,000 trigger for reporting wire transfers and $5,000 threshold for filing a SAR.  In addition, credit unions support ways to improve and reduce the reporting of SARs and CTRs that have limited usefulness to law enforcement.

Further, CUNA supports and participates on the U.S. Treasury’s Bank Secrecy Act Advisory Group (BSAAG) with NCUA and other regulators and financial institutions.  For the BSAAG “Delta Team” project, we encourage NCUA and others to explore more effective and efficient BSA rules, and to reduce compliance burdens for credit unions.

Data Security and Cybersecurity

In February of this year, NCUA launched a new webpage that provides links to cybersecurity and data security resources for credit union staff, including, regulations, guidance, and best practices.  We understand the agency is also working on better understanding the evolving cyber threat environment with other financial regulators, law enforcement, and intelligence communities.  NCUA previously issued a risk alert (13-Risk-01) to credit unions on cybersecurity, focusing on Distributed Denial-of-Service (DDoS) attacks.  These are positive steps but credit unions remain very concerned about cybersecurity issues.  Of course, credit unions have no control about when cyber attackers will strike.  NCUA should continue to provide cybersecurity resources and assistance to credit unions.

While credit unions are seriously concerned about cybersecurity, they are equally concerned about the potential for the development of complex, overlapping new rules in this area.  In that connection, we urge NCUA to continue to coordinate closely with the Department of Homeland Security, the National Institute for Standards and Technology (NIST), the Financial Services Sector Coordinating Council for Critical Infrastructure (FSSCC), and others on the implementation of the President’s Executive Order on “critical infrastructure” cybersecurity and the voluntary NIST framework finalized this February.  We also urge NCUA to ensure that the U.S. cybersecurity framework will recognize that credit unions and financial institutions are already subject to robust data security requirements and standards, such as NCUA and FFIEC rules, and should not be subject to additional regulations.

Further, we urge the agency to establish a credit union cybersecurity council or working group to help identify and address data security concerns in a manner that recognizes the unique nature and needs of credit unions, without imposing a new layer of regulatory compliance.

Process for Identifying Rules for Review and Soliciting Comments

As we have stated before, we believe the process for seeking comments on regulations included in the agency’s Regulatory Review could be improved.  For example, some of the rules included for review may already be the subject of proposed changes or recent modifications.  It is confusing when such rules are included on the regulatory review list as well.

In addition, the notice for the regulatory review is difficult to find on NCUA’s website.  It is possible that many credit unions and other stakeholders are unaware of the agency’s pending request for comments.

We urge NCUA to provide a report on its website each year on how it plans to address the recommendations it receives through the regulatory review comment process.  Further, we ask that NCUA provide annually a synopsis of comments received for which the agency chooses not to act on.


Thank you for the opportunity to express our views on NCUA’s 2014 Regulatory Review.  If you have any questions about our comments, please do not hesitate to contact me.


Mary Mitchel Dunn

CUNA SVP and Deputy General Counsel

More News