ACH Unauthorized Entry Fee

The Rule is intended to improve ACH Network quality by reducing the incidence of ACH debits that are returned as unauthorized. Under this Rule, an ODFI will pay a fee to the RDFI for each ACH debit that is returned as unauthorized (return reason codes R05 reserved, R07 authorization revoked by customer, R10 customer advises not authorized; ineligible, notice not … Read More

Delay in Overtime Pay Rule Release

On July 6, 2015, the Department of Labor released its proposal to update overtime pay rules. Currently, in order to be considered exempt from overtime pay, employees must meet certain minimum tests related to their primary job duties and be paid on a salary basis not less than $23,660 annually. The proposal rule raises the threshold to $47,892 annual. The … Read More

FFIEC Revised Management Booklet

The Federal Financial Institutions Examination Council (FFIEC) members issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The Management booklet, including the examination procedures, has been substantially revised. The booklet outlines the principles of sound governance and, more specifically, information technology (IT) governance. The booklet explains how IT risk management relates to … Read More

Automated Cybersecurity Tool

The Financial Services Sector Coordinating Council has developed and made available an Automated Cybersecurity Assessment Tool that that can be used in conjunction with the FFIEC’s assessment tool. It is in a user-friendly Excel spreadsheet that provides risk criteria and cybersecurity maturity levels, then presents those results in graphs and charts to better illustrate where users need to focus efforts … Read More

The NCUA has released a video on its risk-based capital (RBC) rule

The video covers the rule’s framework, changes made from proposal to final rule stage and an overview of the NCUA’s three-year implementation plan. Additional materials, including an impact analysis and a RBC estimator, are available on the NCUA’s RBC resource page. The rule applies to federally insured credit unions with more than $100 million in assets. The rule will become … Read More

Joint Statement on Cyber Attacks Involving Extortion

The FFIEC issued a Statement notifying financial institutions of the increasing frequency and severity of cyber attacks involving extortion. The Statement does not contain any new regulatory expectations. Credit unions should develop and implement effective programs to ensure they are able to identify, protect, detect, respond to, and recover from these types of attacks. The Statement recommends that financial institutions … Read More

NCUA Releases Cybersecurity Video

The video provides an overview of how the assessment tool works. The assessment tool can help credit unions pinpoint strengths and weakness in their cyber security programs. “The increasing volume and sophistication of cyber threats pose real risks to the credit union system,” NCUA Board Chairman Debbie Matz said. “NCUA has created this new video to supplement the online information … Read More

Risk-Based Capital Rule

The NCUA released its final rule on risk-based capital requirements. Complex credit unions (those over $100 million in total assets as of its latest Call Report) will be required to calculate their risk-based capital ratio instead of its net worth to determine capital adequacy. Recommended Actions: In preparation for the rule’s effective date of January 1, 2019, credit unions with … Read More

Changes to Information Technology Exams

The DCU has outsourced parts of its credit union IT exams to Security Compliance Associates (SCA) from November 2015 through June 2017. The Bulletin states more resources and hours will be devoted to IT examinations (i.e. one to two additional days will be added to the standard IT exams beginning in 2016). Examination hours will be scaled either down or … Read More

NACHA Third-Party Sender Registration Proposed Rule

The proposed rule would apply to Third-Party Senders that are the ODFI’s direct customers, as well as those other Third-Party Senders that are direct customers of the first Third-Party Sender, otherwise known as “nested” Third-Party Senders (The rule would also apply regardless of whether the ODFI allows the Third-Party Sender Direct Access to an ACH Operator. In the case of … Read More