ALEXANDRIA, Va. (6/15/15)--An audit by the Office of Inspector General (OIG) of the National Credit Union Administration’s measures to protect sensitive, confidential or personally identifiable electronic credit union member information during the examination process has yielded seven recommendations.
The recommendations mean that federally insured credit unions could face a proposed rule that would require them to provide encrypted, password-protected or other protected data to the agency during their exams.
Given the wave of data breaches at a variety of institutions and retail companies, “CUNA agrees that credit union member data should be protected during the exam process. However, we don’t want another regulation added to the regulatory burden that credit unions already face,” said Lance Noggle, CUNA’s senior director of advocacy and counsel.
OIG’s June 8 report said the NCUA has provided examiners with the appropriate tools for securely receiving electronic information from credit unions during the examination process. However, it noted that the agency does not require credit unions to provide sensitive member information to the agency in a protected or encrypted manner and does not require use of the tools for protecting the information.
The NCUA needs to improve its policies, procedures and training to help ensure its staff appropriately protect sensitive data during the examination and improve its guidance to require staff to use specific tools to transfer the sensitive data, said OIG.
The seven recommendations, and the NCUA’s responses are: