Data Exchange Application Frequently Asked Questions

General Questions

What Is DEXA?

DEXA is the NCUA’s new web-based data ingest tool used primarily by credit unions and examiners to import credit union member loan and share data for examination supervision purposes.  DEXA replaces and improves functionality previously used in AIRES.

Close and return to top

How Do I Get Access to DEXA?

Once the pilot is complete, approved users will access DEXA by logging into NCUA Connect.  DEXA will be a tile on the user’s dashboard.

Close and return to top

Has the AIRES loan/share schema changed?

No.  The member loan and share download requirements remain unchanged at this time.  Files that follow the schema in NCUA Letter to Credit Unions 03-CU-05 can be imported into DEXA.

Close and return to top

What is the loan/share type map template and where can I find it?

The mapping template is used to map the credit union’s loan/share type codes to a standard NCUA list of type codes for better analytics and loan review selection.  There are separate type map templates for loans and another one for shares.   A type map template is required to upload loan and share files through DEXA.  The type map templates can be found on the DEXA webpage. 

Close and return to top

What Are NCUA’s Information Security Requirements?

The NCUA exercises great care in protecting sensitive information such as personally identifiable information and its information systems. As a federal agency, the NCUA must comply with security standards for federal information and information systems. All systems operated by the NCUA must meet the minimum information security requirements established by the National Institute of Standards and Technology. In addition to NIST standards and guidelines, the NCUA is subject to federal statutes such as the Federal Information Security Modernization Act of 2014, the E-Government Act of 2002, the Privacy Act of 1974 and various OMB policies and guidance concerning federal information management, FISMA reporting, and privacy.

The NCUA uses administrative, technical, and physical controls, including but not limited to: assessment and authorization of information systems; proactive threat assessments and continuous monitoring; and annual general and role-based security training for employees and contractors. 

The Office of the Inspector General conducts independent audits, investigations and other activities to verify the NCUA’s compliance with applicable standards, laws and regulations related to privacy and information security. The derived reports are used to keep the NCUA Board and U.S. Congress informed of any deviation from requirements.

Close and return to top
Last modified on