Sign In

Approved Corporate CUSO Activities

​Approved corporate CUSO activities are presented in matrix form, under the following headings: Category (general class of service), Activity (specific service), Description of Service (explanation of service), and Activity Conditions (limitations or requirements on conducting the activity). All corporate CUSOs, when engaging in approved CUSO activities, must comply with all applicable laws and regulations, even if not specifically discussed in the matrix.

In addition to the Activity Conditions listed in the matrix, all corporate CUSOs engaged in a particular approved activity must provide NCUA with the following reports by the 25th of the first month after the quarter-end or year-end, unless indicated otherwise:

Quarterly: Financial statements and performance reports;

Annually: Annual report to Owners, audited financial statements (30 days after receipt), strategic plan, list of current owners with percentages of ownership, and descriptive list of all products and services provided by the CUSO.

Required reports should be sent to: Office of National Examinations and Supervision, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428; or by e-mail, to onesmail@ncua.gov.
 

Category - Clerical, Professional, & Management 

Activity Description of Service Activity Conditions

Business Consulting Services

 

Offering consulting services in support of business development, strategic planning, industry analysis, and operational efficiency. Other Conditions: None

Human Resources Services

 

Services addressing human capital needs, reporting, and management considerations to include development of policies, procedures, and employee manuals. Other Conditions: None
​Insurance Brokerage or Agency Referrals ​Making third party insurance services or products available.  This may include endorsing a product or service, negotiating group discounts and making referrals. Other Conditions: None
Marketing and Research Services Systematically gathering, recording, and analyzing data about issues relating to marketing credit union products and services to identify and assess how changing elements of the marketing mix affect member behavior. Producing reports of research, making recommendations for marketing strategies, and other similar market and research services. Other Conditions: None
Payroll Services Management of payroll processing, reporting, and tax filing. Other Conditions: None
Training Services Furnishing pre-packaged training products, developing new or customizing existing training products/modules, and facilitating education and training of credit union staff. Other Conditions: None
Audit & Compliance Consulting Services Performing, as requested and agreed upon in predetermined scope arrangement, audits (internal, operational, financial, or compliance).
Providing education and consultation services for developing statutory and regulatory compliance programs related to the Bank Secrecy Act, Anti Money Laundering provision, Office of Foreign Asset Control, and U.S. Patriot Act.
Other Conditions: None
Product Development Services Research and development of products and services specific to the needs of credit unions and their members/consumers. Other Conditions: None

 

 

 

Category - Currency Services

Activity Description of Service Activity Conditions
Coin and Currency Services Providing replenishment or deposit of excess coin and cash. This may include vault cash orders, ATM replenishments, and other similar services. Coin and currency services may be offered through agreement with another financial institution, direct with the Federal Reserve, through an armored car service agreement, or other similar arrangement. Other Conditions:
  1. Maintain bond/liability insurance as appropriate.
  2. Annually provide OCCU copy of bond/liability insurance.
 

 

Category - Data Processing

Activity Description of Service Activity Conditions
Electronic Document Management Providing document and record management systems which may allow for document archival, reporting, secure remote access, and similar services. Other Conditions: None
Core processing Offering a back-end system in a service bureau environment used to process and record daily transactions, and post updates to accounts and other financial records. This typically includes deposit, loan and credit-processing capabilities, with interfaces to general ledger systems and reporting tools, and may allow for or integrate with front-end member access platforms. Other Conditions:
  1. Maintain business recovery plan ensuring uninterrupted operations.
  2. Maintain bond/liability insurance appropriate for activity.
  3. Adhere to AICPA audit standards for reporting on controls at a service organization.
  4. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results.
 

 

Category - Lending/Deposit

Activity Description of Service Activity Conditions
Business Banking - Consulting and Turnkey Services Provide either in-house, or through turnkey operation, suite of financial products. Products may include loan products, risk monitoring, and consulting services for business loan, deposit, payment and cash management products. Other Conditions: Comply with the Member Business Loan Regulation - Part 723 of the NCUA Rules and Regulations.
Business loan origination Provide business loan consulting and origination services. Examples of business loan origination include commercial real estate, term loans, lines of credit, construction, agriculture, SBA loans, and loan participation servicing and brokering. Other Conditions: Comply with the Member Business Loan Regulation - Part 723 of the NCUA Rules and Regulations.
Business Loan Support Services Provide business loan processing and sales to include pre- and post closing underwriting, risk monitoring reports, document preparation, and servicing. Loan support services may also include debt collection services and sale of repossessed collateral. Other Conditions: None
 

 

Category - Payments and Electronic Transaction Services

Activity Description of Service Activity Conditions
Automated Clearing House (ACH) Providing services for the receipt, processing, distribution, and settlement of electronic credits and debits among financial institutions for final posting to business entities, credit unions and members/consumers. Activities include receipt of ACH files; file distribution; receipt and processing of returned items and notification of change files; offering and/or processing ACH origination files; assisting with ACH exceptions and transaction disputes; providing settlement of ACH files; and other similar ACH services. Other Conditions:
  1. Restrict CUSO ownership to one corporate unless approved by NCUA.
  2. Comply with NACHA rules.
  3. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  4. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  5. Maintain bond/liability insurance as appropriate.
  6. Adhere to AICPA audit standards for reporting on controls at a service organization.
  7. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
  8. Utilize distributed settlement model if providing services to other corporate credit unions.
Wire Transfer Services (Domestic and International) Electronically transferring funds through the Federal Reserve Bank, other financial institution, or other similar third-party funds transfer agent (i.e., Western Union, etc.) directly to a domestic or foreign financial institution or receiving transfer agent with final credit to business entities, credit unions, and member/consumers. Other Conditions:
  1. Restrict CUSO ownership to one corporate unless approved by NCUA..
  2. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  3. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  4. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  5. Prefund transactions prior to processing.
  6. Maintain bond/liability insurance as appropriate.
  7. Adhere to AICPA audit standards for reporting on controls at a service organization.
  8. . Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Forward Check Collection / Remote Deposit Capture Services Offering a suite of image, electronic, and paper forward check processing, collection, clearing, settlement, adjustment, and reporting services. Deposit processing may occur as either “traditional” paper processing, electronic truncation, or image capture, processing, and transmission of check images from remote or centralized locations. Remote deposit capture services may include branch, teller, merchant, ATM, and consumer capture, and other similar forward check collection services. Activities may include resale of equipment through negotiated agreement, bundled services, and support agreements. Other Conditions:
  1. Restrict CUSO ownership to one corporate unless approved by NCUA.
  2. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements.
  3. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  4. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  5. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  6. Maintain bond/liability insurance as appropriate.
  7. Adhere to AICPA audit standards for reporting on controls at a service organization.
  8. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
  9. Utilize distributed settlement model if providing services to other corporate credit unions.
Share Draft (Check) Processing Offering inclearing services for the receipt and processing of share drafts (checks) either as electronic images or physical checks received from the Federal Reserve Bank, image exchange networks, or through direct presentment arrangements with other financial institutions. Services include receipt and processing of inclearing checks for file distribution, processing of return files, adjustments, dispute resolution assistance, financial settlement of files, and other similar services. Other Conditions:
  1. Restrict CUSO ownership to one corporate unless approved by NCUA.
  2. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements.
  3. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  4. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  5. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  6. Maintain bond/liability insurance as appropriate.
  7. Adhere to AICPA audit standards for reporting on controls at a service organization.
  8. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
  9. Utilize distributed settlement model if providing services to other corporate credit unions.
Share Draft, Check Imaging, and Archival Services Providing services for capturing and storing images of physical share drafts or checks for the purpose of facilitating forward check collection, maintaining electronic archives, and facilitating electronic access to check images for consumers’ statements, integration with internet banking websites, and other similar purposes. Service may also include creating copies of archival history to facilitate “in-house” storage or transfers to new third-party service providers. Other Conditions:
  1. Restrict CUSO ownership to one corporate unless approved by NCUA.
  2. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements.
  3. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  4. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  5. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  6. Maintain bond/liability insurance as appropriate.
  7. Adhere to AICPA audit standards for reporting on controls at a service organization.
  8. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Share Draft Fraud and Risk Management Services Offering complementary services for share draft processing designed to identify and prevent checking account fraud and losses during the share draft clearing process. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  3. Maintain bond/liability insurance as appropriate.
  4. Adhere to AICPA audit standards for reporting on controls at a service organization.
  5. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Official Check Services Offering business share drafts (checks), official checks, and money order programs to include processing, clearing, and settlement of items, maintaining list of issued drafts, and providing daily reports for reconciliation. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  3. Maintain bond/liability insurance as appropriate.
  4. Adhere to AICPA audit standards for reporting on controls at a service organization.
  5. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Lockbox & Remittance Services Providing wholesale or small batch retail remittance processing services. Service includes receiving and processing payments, providing reports or files of activity, depositing of funds, and forward collection of items. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  3. Maintain bond/liability insurance as appropriate.
  4. Adhere to AICPA audit standards for reporting on controls at a service organization.
  5. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Online & Mobile Banking Offering internet-based technological services which may provide real-time, 24/7 access to consumers’ financial information. This includes the ability to manage a variety of transactional and non/transactional activities within and between accounts which may include electronic transfers, payments, on-line loan applications, and other similar banking activities. Access to accounts may be through internet web applications and/or portable electronic devices. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  3. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  4. Maintain bond/liability insurance as appropriate.
  5. Adhere to AICPA audit standards for reporting on controls at a service organization.
  6. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Bill Pay and Electronic Bill Presentment and Payment (EBPP) Services Offering services to allow consumers to send money to a creditor or vendor to be credited against a specific account. Bill payments may be executed electronically, via paper check or banker's draft, or other similar electronic payment means. Services may also include electronically presenting bills and/or billing statements. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  3. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  4. Maintain bond/liability insurance as appropriate.
  5. Adhere to AICPA audit standards for reporting on controls at a service organization.
  6. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
Electronic Statements/Paper Statements Providing electronic and paper delivery of periodic account statements. Other Conditions:
  1. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  2. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  3. Maintain bond/liability insurance as appropriate.
  4. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results.
Credit Card, Debit Card, and Gift or Prepaid Card Program Services Offering debit, credit, and gift or prepaid card programs and processing to include: access to card networks and gateways, authorization and settlement of signature debit transactions, including settlement of related funds; fraud monitoring, risk management, and case support services to include neural networks and charge-back processing services; back office card support and management, reconciliation of daily settlement and adjustment processing; card maintenance, issuance, and transaction reports; card program project management and implementation; and other similar services. Gift or prepaid cards may be reloadable or non-reloadable. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Maintain bond/liability insurance as appropriate.
  3. Maintain and certify compliance with current PCI/DSS (Payment Card Industry/Data Security Standards).
  4. Maintain neural network or other industry standard fraud detection system.
  5. Comply with network processing agreements and standards.
  6. Adhere to AICPA audit standards for reporting on controls at a service organization.
  7. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification.
Automated Teller Machine (ATM), Electronic Funds Transfer (EFT), and Point of Sale (POS) Services and Networks Offering programs that allow access to a network of EFT terminals and ATMs to initiate PIN-based debit or ATM card transactions. ATM services include utilizing a shared ATM network, setting up a private ATM network, monitoring of ATM connectivity and availability, including the management of telecom circuits and modems, assisting with the implementation of new ATMs, ensuring data security and integrity, providing network access, authorization of PIN transactions completed at ATMs, including settlement of related funds. Other services include fraud monitoring of PIN transactions, adjustment and dispute resolution processing to include card blocking, chargeback processing, related research and other similar services. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Maintain bond/liability insurance as appropriate.
  3. Maintain and certify compliance with current PCI/DSS.
  4. Maintain neural network or other industry standard fraud detection system.
  5. Comply with network processing agreements and standards.
  6. Adhere to AICPA audit standards for reporting on controls at a service organization.
  7. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification.
Shared Branching Services Providing for the sharing of infrastructure to establish a private, secure, cooperative processing network that accepts transactions from members of participating credit unions. Shared branching functionality includes conducting deposits, account balance inquiries, and check cashing, and requesting funds transfers, official checks, or other similar services. Other Conditions:
  1. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
  2. Comply with the Security Program Requirements – Part 748 to safeguard consumer information.
  3. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  4. Maintain and certify compliance with current PCI/DSS network standards or other similar shared network security standard, if applicable.
  5. Maintain bond/liability insurance as appropriate.
  6. Adhere to AICPA audit standards for reporting on controls at a service organization.
  7. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification, if applicable.
 

 

Service Category - Information Technology Services

Activity Description of Service Activity Conditions
Web Development, Hosting, & Content Management Developing and designing non-transaction public web sites, private or internal web sites, and web applications. Web site hosting to include maintaining the servers and html code for public and private web sites, intranets, and Web applications used on customer websites. Offering web content management (WCM) systems to simplify the publication of web content and updates to web sites and mobile devices. Other Conditions:
  1. Maintain business recovery plan ensuring uninterrupted operations.
  2. Maintain bond/liability insurance appropriate for activity.
  3. Adhere to AICPA audit standards for reporting on controls at a service organization.
  4. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results.
Web Authentication & Security Monitoring Web security and monitoring services such as authentication and encryption of passwords and other similar techniques for secure member login to intranets, extranets, and private websites; host based intrusion protection and detection; log monitoring; hacker-safe monitoring programs; and configuration and daily administration web security and other similar monitoring services. Other Conditions:
  1. Comply with the Security Program Requirements - Part 748 of the NCUA Rules and Regulations.
  2. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
  3. Maintain bond/liability insurance appropriate for activity.
  4. Adhere to AICPA audit standards for reporting on controls at a service organization.
  5. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results
Software Systems Development / Application Programming Interface (API) Development Designing, coding, testing and updating custom software system data programs and other code (e.g., scripts). Application Programming Interface (API) development includes developing, testing, and updating custom applications which interface with other existing systems and applications such as core processing systems. Other Conditions:
  1. Comply with the Security Program Requirements - Part 748 of the NCUA Rules and Regulations.
  2. Conduct independent code review for custom software systems and applications.
  3. Adhere to audit standards for third-party service providers.
  4. Maintain source code for custom developed software systems in escrow or in similar arrangement.
Secure Collaboration Services Programs, systems, or sites for establishing secure communication channels for private document storage and distribution, and dissemination of confidential or sensitive information for the purpose of collaboration between authorized parties. Other Conditions:
  1. Comply with the Security Program Requirements - Part 748 of the NCUA Rules and Regulations.
Information Technology (IT) Consulting and Management Services Consulting and management services for IT infrastructure design and architecture, system security, administration, support, resource management and monitoring. Services include offering Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and planning and management, and the provisioning (*) of hardware and software for business continuity planning to include online data backup and recovery services.

(*) Providing or supplying the actual IT hardware/software necessary for Business Continuity/Disaster Recovery.
Other Conditions:
  1. Comply with the Security Program Requirements - Part 748 and Records Preservation Program and Records Retention Appendix – Part 749 of the NCUA Rules and Regulations.
  2. Maintain bond/liability insurance appropriate for activity.
  3. Annually provide OCCU copy of bond/liability insurance, vendor due diligence reports, security program, business contingency plans & test results.
 

 

Service Category – Investment/ALM

Activity Description of Service Activity Conditions
Asset Liability Management (ALM) Consulting, Advisory, and Reporting Services Consulting, advisory, and reporting services for balance sheet and interest rate risk management. This includes ALM interest rate risk modeling, measurement, and reporting; ALM model validation services; consulting services for ALM policy development, core deposit studies, lending pool analysis and valuations, and other similar services. Other Conditions: None