NCUA clarifies credit union use of digital ledger technologies

NCUA issued a Letter to Credit Unions (22-CU-07) clarifying certain expectations for credit unions contemplating the use of new or emerging distributed ledger technologies (DLT).

“The NCUA does not prohibit credit unions from developing, procuring, or using DLT. DLT used as an underlying technology by credit unions is not prohibited if it is deployed for permissible activities and in compliance with all applicable laws and regulations, including applicable state laws or state supervisory authority requirements.”

“NCUA also believes that DLT-related activities are rapidly evolving, and present questions and evolving risks not yet well understood,” it adds.

The letter covers expectations for:

• Governance, oversight, and planning. Boards should be notified of the use of DLT; staff and third parties should be in compliance; effective risk management practices should be followed, and risk assessment and audit functions should be used.
• Risk and risk-mitigation strategies. This includes consideration of information, cybersecurity, legal, compliance, strategic, reputation, liquidity, and third-party risk.

It adds credit unions must “remain alert to new and evolving risks,” and states examiners will “evaluate the rigor with which credit unions exercised good judgement, applied sound risk management, and executed compliance and risk oversight of acquisition or development and deployment of new systems and technology.”