CUNA Comment Letter
Credit Union Reporting
May 26, 2009
Ms. Mary F. Rupp
Secretary of the Board
National Credit Union Administration
1775 Duke Street
Alexandria, Virginia 22314-3428
|RE:||Credit Union Reporting|
Dear Ms. Rupp:
The Credit Union National Association (CUNA) appreciates the opportunity to comment on the National Credit Union Administration (NCUA) Board's proposed rule on the reporting requirements of federally-insured credit unions. By way of background, CUNA is the largest credit union trade organization in this country, representing approximately 90 percent of our nation's 8,000 state and federal credit unions, which serve approximately 92 million members.
Summary of CUNA's Views
- The proposal would amend the existing regulations on reporting procedures and record retention requirements, and would require federally-insured credit unions (FICUs) to submit reports and other important information to NCUA through a new web-based system.
- CUNA supports the objective to increase the efficiency and ease of reporting information to NCUA.
- However, we are concerned that training for FICU staff will be necessary and may be more extensive than anticipated.
- NCUA plans to implement the new system during the third quarter of this year for natural person credit unions, and sometime next year for corporate credit unions.
- If a final rule is ultimately adopted, CUNA urges NCUA to allow sufficient time between adoption of the final rule and implementation of the new reporting system for FICUs to make necessary logistical changes as well as to have staff properly trained.
Discussion of CUNA's Views
NCUA issued this proposal to modernize the reporting process in an effort to increase efficiency, enhance accuracy of data, and to provide a secure, single access portal for FICUs to submit, edit, and view data. CUNA strongly advocates regulatory change to reduce the time and resources required of credit unions. Thus, we support NCUA's objectives in issuing this proposal, but-as discussed below-we have some concern with implementation of the new system.
The proposed rule would establish a centralized, web-based system for the submission and management of FICUs reports. Therefore, NCUA would no longer issue software to FICUs for compiling and submitting the data. However, CUNA is concerned that in shifting to a web-based system certain security monitoring tools and firewalls currently used by FICUs could interfere with, and possibly impede, use of the system. Thus, we ask NCUA to address possible software conflicts that may occur and, if necessary, provide instructions on resolving them.
NCUA plans to implement the new system in the third quarter of 2009 for natural person credit unions, and sometime in 2010 for corporate credit unions. NCUA acknowledges that most users of the new system will initially require at least some training. If NCUA ultimately goes forward with a final rule, CUNA strongly encourages it to allow sufficient time between adoption of the final rule and implementation of the system for the proper training of FICU staff. Inadequate training could not only lead to delays in submitting reports, but could also result in erroneous reporting.
Additionally, the proposed rule states that the new system will periodically scan the user's information as it is being entered and will send an error alert if any information is missing or incomplete. Depending on the level of detail, the alert message may lack sufficient information to assist the user in resolving the problem. The proposal does not mention any sort of technical support for users of the system. Whether live, automated, or via email, we encourage NCUA to provide some form of user assistance at least for a period of time following implementation of the system.
Another issue of concern is with FICU internal security procedures. Although the new system will be entirely web-based, it is unclear whether any (sensitive) data will be stored on the FICUs' computers as they work through the reporting process. Regardless of whether such data is stored, it is also unclear if FICUs will be required to perform and or document any sort of security analysis or internal due diligence when using the system.
The proposed rule also addresses several specific changes to NCUA's regulations on reporting procedures. Currently, the president or other managing official of a FICU must sign and date the compliance statement in the Report of Officials. NCUA adopted this requirement to improve the detection, investigation, and prosecution of fraud in FICUs. The proposal would eliminate the signature requirement, and instead allow the president or managing official to "direct any of the FICU's online system users to certify the compliance statement," although the president or senior official would still be personally responsible for ensuring compliance. While we do not take issue with this particular change, we encourage NCUA to include with the Report of Officials-and similar reports-a thorough explanation about the compliance statement and the liability of the credit union's management.
Thank you for the opportunity to express our views on the Board's proposed rule regarding credit union reporting. If you have questions about our letter, please do not hesitate to give Senior Vice President and Deputy General Counsel Mary Dunn or me a call at (202) 508-6743.
Regulatory Research Counsel