- This event has passed.
2022 National Regulator Meeting
April 11 @ 8:00 am - April 14 @ 11:00 am
Event participants can access live sessions, download presentations, and rewatch on-demand videos in the Attendee Hub.
- Click on the button above for access
- You will be asked for a verification code, which is generated to your email and mobile number (if entered during registration). * Please check your spam/junk folders, if you don’t receive it within a minute or two.
- Once inside the Hub, move towards the top navigation and choose “Sessions” then find the session that interests you. Presentations will be loaded into individual sessions.
National Meeting for State Regulators Recap
Photos can be downloaded and shared from the photo gallery. A full set of images will be available in next week’s NASCUS Report.
National Meeting Recap
Hosted in sunny San Diego, the National Meeting for State Regulators brought together more than 100 participants from across the country to network, learn and collaborate on the industry’s most pressing issues.
Working Together – Building Relationships
One of the benefits of attending the National Meeting is the ability to network and collaborate with other state agencies across the country. In addition to working within the state system, regulators need to collaborate with federal-level agencies as well. As a result, NCUA Chairman Todd Harper and NCUA Executive Director Larry Fazio participated in two separate sessions focused on building relationships and streamlining collaboration within overlapping priorities. During the three days of discussion, attendees expressed significant concern of two primary areas that affect everyone within the industry: evolving technologies/crypto and cybersecurity/ransomware attacks.
In a world of “crypto-curious” entities (businesses and individuals), state supervisors need to define rapidly evolving technologies and determine the best approaches and regulation practices.
For example, in a presentation by Joseph Vincent, regulators learned about four separate categories of distinction within the digital asset spectrum, from decentralized to centralized. This includes 100% decentralized stablecoins [i.e., Ethereum] in Permissionless Public Shared Networks; to Permissioned, Public Shared Systems, [i.e., Ripple (XRP)]; to Permissioned Private Shared Systems [i.e., JPMorgan Coin]; and the 100% Centralized Ledger System [i.e., Digital Yuan and other Central Bank Digital Currencies].
Members also discussed the impacts, benefits, and challenges associated with Banking as a Service (BaaS) with Dr. Lamont Black. Including a clarification of terms and applications of this growing sector, “BaaS is a model in which chartered banks or credit unions integrate their digital banking services directly into the products of other non-bank businesses.”
While BaaS benefits include reducing IT costs, improved consumer experiences, and fee-based income, challenges include being characterized as “rent-a-charter” entities and giving consumer relationships to third-party providers – not the credit union. Another vital consideration, third-parties rely on partner financial institutions for regulatory management. Regulators and credit unions need to carefully weigh the implications for Field of Membership as third-party consumers are not always members of the credit union.
Breaches and Ransomware
“Ransomware-related data breaches have doubled in each of the past two years. At the current growth rate, ransomware attacks will pass phishing as the number one root cause of data compromises in 2022.”
As a result, cybersecurity and ransomware issues are top of mind for most supervisory agencies with some stating a ransomware attack would be their “worst nightmare.” Particularly with the heightened tensions around Ukraine, agencies are closely examining the cybersecurity landscape, including changes to cybersecurity reporting rules. At the current time, only a handful of agencies have dedicated cyber experts, while others are in the process of securing a dedicated position.
With the average ransomware payment nearing $350K, NASCUS brought in speakers CUNA Mutual Group’s Carlos Molina and Derek Laczniak, Director of Cyber Liability, M3 Insurance, to discuss the effects of ransomware on the industry. One of the most compelling segments of the presentation covered a “checklist of things to know” when responding to a ransomware attack. This includes:
- Know who is on your incident response team.
- Have multiple forms of communication available.
- Be prepared to make decisions about voluntarily taking systems offline.
- Be prepared with an internal communication plan.
- Do not allow employees to reach out to the threat actor themselves.
- You’ll be asked to sign two agreement letters within the first 24 hours.
- You do not need to have your own cryptocurrency on hand.
- You need underwriting approval to pay a ransom.
- Know your backups and understand that they are not always the answer.
- Think about whom the organization needs to tell and when.
Additionally, state supervisors discussed in-depth perspectives over the following:
- The need to retain, recruit, and replenish staff. With unemployment levels low in many states and the complication of virtual workplace demands from potential recruits, agencies struggle to be competitive and hire talented staff. This experience is common throughout the industry; as more and more Baby Boomers meet retirement, agencies are working to fill the shoes of seasoned staff in hybrid workplaces.
- Challenges within the real estate market. The pandemic has altered how employees view the modern workspace, and many employees are moving out of city centers requiring companies to rethink commercial spacing needs as part of their cost-benefit analysis. Additionally, some expressed concerns over a potential housing bubble given market changes spurred by the pandemic.
- A rise in credit unions mergers. Succession plan issues have been a strong driver for mergers in several states, with ‘one in three credit unions citing a lack of a succession plan’ as the main reason driving a merger.
- Wide spectrum of overlapping topics. The regulatory world is a complex environment and the National Meeting provided a platform for synergy on field of membership reform, interstate branching, CUSO advancements in FinTechs, and more.
As we move into the future, attendees noted sensitivities to other potential bubbles, including delinquencies. While delinquencies have been flat throughout the pandemic, supervisors are concerned with credit quality, student and auto loans, in addition to net-worth ratios.
Events such as these are essential to the state system, as they provide a stage for discovery, extensive issue remediation, and collaboration. NASCUS offers several more collaborative learning opportunities, including the 2022 Cannabis Symposium, S3: State System Summit, Directors’ Colleges, and more.