Having “the Talk” … with your IT Team

October 16, 2020 at 9:46 am Leave a comment

When Rodney Hood started talking about the importance of cybersecurity for credit unions shortly after becoming Chairman, to me, he sounded like the guy who comes about an hour late to the party. After all, cybersecurity has been a key priority of financial regulators for years now. But the COVID-19 pandemic has proven me wrong. With the number of credit union employees now working remotely, consumers relying more heavily than ever before on electronic transactions, and hackers being so brazen that they now steal from Robinhood (I couldn’t resist), your credit union is dealing with new cyber challenges coming from directions it could never have anticipated. 

This puts the credit union senior management, and ultimately their boards of directors, in the hot seat given they’re the entities ultimately responsible for making sure your IT team is implementing the proper policies and procedures to both protect members and keep the place going. But in order to do this, boards have to know the right questions to ask. At yesterday’s board meeting, Johnny E. Davis, Special Advisor to the Chairman on Cybersecurity, provided an easy-to-understand list of questions in his presentation that a board member could use to zero in on how it’s IT staff has responded to the pandemic. For example, has anyone asked your credit union what policies and procedures it has put in place related to remote access by employees? Another basic but crucial question to consider is how your credit union is preparing in the mid to long-term for the changes that have been accelerated by COVID. For example, in it’s quarterly earnings discussion with financial analysts earlier this week, JP Morgan commented on how it has seen an increased use of online banking resources by consumers, and how it believes that much of the shift is permanent. As a colleague of mine recently said, credit unions better have the technology locked and loaded, because even grandparents are getting used to remote deposit. 

All of this of course introduces a compliance component to consider. Cybersecurity is a point of emphasis for your examiner, and irrespective of your size and sophistication, you should be able to document in your board minutes the steps you are taking with regard to your IT infrastructure. 

NCUA Takes the Wheels Off when it Comes to Derivatives

In yesterday’s board meeting, the NCUA also proposed updates to regulations which would give sophisticated credit unions (with 500 million or more in assets) greater flexibility to use derivatives to hedge against interest rate risk. Under the proposal, these credit unions would no longer require prior approval from NCUA to use derivatives, nor would they be restrained to a specific list of permissible investments. At the same time, board members continue to stress that examiners will evaluate derivative activity to ensure that they are being properly used, and that the credit union and its board have the proper expertise and knowledge required to administer such a program. 

On that note, enjoy your weekend, I’ll be back on Monday.

Entry filed under: Compliance, COVID-19, Regulatory, technology. Tags: , , , , , .

Some Good News About This Lousy Pandemic Are You Properly Paying Your Employees?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 683 other followers

Archives