ARLINGTON, Va.–The National Association of State Credit Union Supervisors (NASCUS) and its Credit Union Advisory Council have approved new policies addressing cybersecurity and cannabis banking.
NASCUS said the new cybersecurity policy would authorize it to support federal legislation that:
- Applies cybersecurity requirements and disclosure obligations to merchants that handle consumers personally identifiable information and personal financial information
- Preserves the authority of states to regulate and supervise cybersecurity and privacy protections for the benefit of their citizens by setting federal standards only as a floor, not a ceiling, for state specific protections
Federal Law Needed
“Since the vast majority of organizations responsible for data breaches are not financial institutions and are not subjected to the same rigorous requirements as financial service providers, federal cybersecurity legislation should require any entity that collects or stores personally identifiable information to be held responsible for protecting that data and informing the public when data security measures fail,” said NASCUS President and CEO Lucy Ito. “Further, many states have data security regulations and breach notification requirements in place. Where a state has an existing data security and breach notification structure in place that provides for more stringent protections, deference should be given to the state law. We believe a state’s legislature and state supervisory agency are best equipped to determine the most effective means to protect its consumers.”
Meeting Member Needs
According to NASCUS the newly approved cannabis banking policy moves the association from merely calling for clarification—permissible or impermissible—to explicitly supporting federal legislation making it permissible for financial institutions to provide financial services to state authorized cannabis businesses and to third-party businesses that serve the cannabis businesses.
“Financial institutions in the states that have legalized some form of cannabis use, should be able to provide financial services to the state-sanctioned cannabis business in their communities,” said Ito. “Without access to the financial system, these businesses would have to operate in cash which could lead to tremendous public safety issues and fraud instances. The new NASCUS policy would ensure credit unions could serve their members and meet the needs.”