Reg review letter urges reorganizing rules

(Aug. 20, 2021) Reorganizing its rules to lessen confusion over application of anti-money laundering rules, and working with state regulators to implement those rules, are among the recommendations made by NASCUS in its letter to NCUA concerning the latest annual review of the agency’s regulations.

In February, NCUA asked for comments on its annual review of agency rules, which covers one-third of the regulations (the review is conducted over a three-year period to ensure all agency rules are reviewed at least once every three years). Among the rules being reviewed in 2021: Security program, report of suspected crimes, suspicious transactions, catastrophic acts and Bank Secrecy Act compliance (Part 748 of the agency’s rules), among other things.

The state system offered comments in several areas, including BSA/AML compliance, reporting of suspicious transactions, and organization of NCUA rules (particularly those affecting state credit unions).

Regarding anti-money laundering rules, NASCUS noted that Treasury’s Financial Crimes Enforcement Network (FinCEN) is proceeding with a “no-action letter” program for BSA/AML rules over which that agency has enforcement authority. The program will not affect NCUA rules, NASCUS noted. To mitigate confusion, NASCUS recommended that NCUA rules be reorganized to co-locate or otherwise more clearly identify BSA/AML “FinCEN” rules and NCUA specific rules.

NASCUS also urged NCUA to revisit the monthly requirement that credit union boards be informed of suspicious activity reports (SARs) required under BSA/AML. While that may work for federal credit unions (which are required to meet monthly), NASCUS noted, it does not work for state credit unions where boards are only required to meet quarterly. “In other covered industries, including banking, best practice for reporting to the entity’s board is quarterly, or synchronized to regularly scheduled board meetings,” NASCUS wrote. “NCUA should clarify its expectations for how reporting is handled and make clear that for credit unions with less-than-monthly board meeting, reporting SAR filings at the next available board meeting, or quarterly, would satisfy the regulatory requirement.”

In other comments, NASCUS:

  • Reiterated the importance of NCUA working with state regulators to develop regulations to implement the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) National Priorities (National Priorities) as published by the Treasury Department on June 30. NASCUS recommended the agency create a working group with state regulators to develop pending regulations.
  • Recommended the agency reinstate the policy of publishing a summary and response to stakeholder comments. “There is real value for stakeholders in understanding NCUA’s response to recommended changes and in gaining insight into the agency’s rational for resisting making various recommended changes,” NASCUS wrote.
  • Repeated its call that NCUA reorganize its rules to consolidate and co-locate all National Credit Union Share Insurance Fund (NCUSIF) rules for federally insured credit unions (FISCUs) in one section (or series of consecutive sections), which NASCUS asserted would “provide significant regulatory relief to credit unions without increasing risk to the NCUSIF.”
  • Proposed the agency develop a regular review of guidance as a companion to the annual regulatory review. “While not carrying the force of regulation or statute, supervisory guidance provides stakeholders crucial insight into how NCUA interprets compliance with regulation, and as such is just as critical to be regularly evaluated.,” NASCUS wrote.
  • Observed that agency rules could be made more consistent by ensuring regulatory provisions containing mandatory elements of compliance contain mandatory language rather than permissive language. “Requirements should also be stated in the active tense such as ‘a credit union shall design its information security program’ rather than passive construction such as a ‘credit union information security program should be designed,’” NASCUS stated.


NASCUS comment letter: 2021 NCUA regulatory review