NCUA Chairman Urges Credit Unions To
Enhance Due Diligence Of
Third Party Vendors and Consumer Compliance
Johnson Focuses on Information Technology and Consumer Compliance
San Francisco, CA, May 13, 2005 – Enhanced due diligence by America’s credit unions of all third party vendors and compliance should be a top safety and soundness priority, says National Credit Union Administration (NCUA) Board Chairman JoAnn Johnson.
Addressing the Information Technologies Credit Union Association, Chairman Johnson said “due diligence must remain a priority for credit unions.” She said the NCUA is focusing closer on information technology and system controls in credit unions, because safe integration of technology and proper data security for credit union members are important safety and soundness priorities.
“Just as modernizing technology is an important investment for credit unions, likewise, we at NCUA believe that maintaining modernization in our information systems is vital for the regulator and the regulated,” said Chairman Johnson.
“However, there are data security threats occurring across the country and credit unions have been affected. Such scams, as phishing, have contributed to a rise in identify theft, credit card fraud, and other Internet-based fraud. Therefore, these security threats must be considered as part of a credit union’s information technology security plan.”
In addition to technology issues, Chairman Johnson reiterated that violations of the Bank Secrecy Act and Office of Foreign Assets Control (OFAC) regulations remain a focus and any violations will be addressed by NCUA.
The most frequently reported violations of the Bank Secrecy Act are weaknesses in member and/or customer identification policies, comprehensive anti-money laundering policies, and independent testing.
“NCUA takes BSA and OFAC violations seriously and encourages credit unions to have the appropriate compliance plans in place,” reiterated Chairman Johnson. “We also recognize as credit unions continue to modernize technology and implement compliance measures, it may require increased investments in fixed assets.”
“While data security threats to credit unions have been limited compared to other financial institutions, we must not rest on our laurels, but should plan accordingly to meet the challenges ahead.”
| 