ARLINGTON, Va.--The National Association of State Credit Union Supervisors (NASCUS) has submitted three comment letters to NCUA regarding the agency’s ongoing Deregulation Project and its efforts to modernize federal credit union regulations, while emphasizing the importance of regulatory clarity, supervisory effectiveness, and risk-based oversight.
Collectively, the comment letters address NCUA’s proposed amendments to regulations governing corporate credit unions (Part 704), supervisory committee audits and verifications (Part 715), and the safeguarding of member information and response programs for unauthorized access to member information (Part 748). In each letter, NASCUS said it supports reducing outdated, duplicative, and overly prescriptive requirements, and encourages the NCUA to ensure that regulatory relief is paired with clear expectations and durable supervisory frameworks.
NASCUS said it appreciates the NCUA’s commitment to reviewing its regulations with an eye toward modernization and regulatory relief. However, NASCUS provided additional recommendations for consideration in the individual letters:
NASCUS Comments on NCUA Rules & Regulations Part 704: Corporate Credit Unions
In its comments on Part 704, NASCUS encourages consideration of additional steps to revisit certain constraints placed on corporate credit unions in 2009, which would further reduce regulatory burden and enhance corporate credit union utility to natural person credit unions without exposing the Share Insurance Fund (SIF) to additional risk.
NASCUS Comments on NCUA Rules & Regulations Part 715—Supervisory Committee Audits & Verifications
Regarding Part 715, NASCUS expressed the need to reinforce accurate recordkeeping while providing additional regulatory relief through consolidation of federal insurance rules, clarifying the role of Part 715 Appendix A as rule or guidance, harmonizing the proposed changes with Parts 704, 748, and other rules under review, and modernizing the rule’s “Passbook” terminology.
In its comments on Part 748, NASCUS supported the distinction between regulation and guidance but stressed that regulatory relief should not dilute core cybersecurity expectations, create additional challenges to access guidance, or inhibit transparency and vetting of such guidance. If the NCUA moves forward with the proposal, NASCUS urges the NCUA to ensure that any future guidance is developed transparently, with stakeholder input, and preserves the essential components currently contained in Appendices A and B—risk assessment, written information security programs, incident response protocols, vendor management, board oversight, response program development, and appropriate notifications—which are foundational to effective cybersecurity governance.
"In conclusion, NASCUS encourages the NCUA to coordinate rulemaking efforts with state agencies, align implementation timelines, and support regulatory changes with updated guidance and examiner training. NASCUS emphasizes that a consistent, modern regulatory framework benefits credit unions, regulators, and the broader financial system by reducing compliance complexity while preserving strong supervisory outcomes," NASCUS said.