NCUA has developed and implemented Phase I of its Information Systems & Technology Examination Program (ISTEP). Phase I of the program focuses on electronic financial services and more specifically, e-Commerce services (see the Appendix for definitions). If your credit union offers e-Commerce services to its membership, federal or state examiners may use the ISTEP during the examination of your credit union. The ISTEP tools provided to examiners include the following:
- e-Commerce I (EC1): High level e-Commerce questionnaire for reviewing eCommerce services and activities.
- e-Commerce II (EC2): Detailed questionnaire for reviewing e-Commerce services and activities.
- EDP Review (EDPR): Electronic Data Processing review program for reviewing a credit union’s overall information and technology systems.
Examiners will use EC1 if your credit union provides e-Commerce services. Examiners may also use EC2 to address areas not sufficiently covered by EC1 or in those instances where your operating environment and services provided suggest a more in-depth review is advisable. Examiners may also elect to use the EDPR to conduct a general review of your electronic data processing systems.
For your information, I have enclosed with this Letter copies of the two e-Commerce questionnaires and EDPR program. Since technology changes at a rapid pace, NCUA expects to update the program as needed to keep pace with those changes. The most recent version of the program will be continuously available for download from our website (www.ncua.gov).
In the near future and ongoing, NCUA will issue Letters to Credit Unions, guidance papers, and articles specifically addressing information systems and technology issues. These documents will also be available for download from our website.
If you have any questions or concerns, please contact your NCUA Regional Office or State Supervisory Authority.
Norman E. D’Amours
National Credit Union Administration Board