Credit Union Legal Update – NCUA’s List of Required Policies for Board of Directors of Credit Unions
By , Credit Union
Dozens of new regulations, or amendments to regulations, require new credit union policies. Yet regulators often fail to specify if board action is required regarding a credit union policy. Several years ago, we published an analysis of which policies require action and due to popular demand, Kaufman & Canoles has updated it and brings the new analysis to its readers.
| Required Policy | Executive Summary | Regulation/Reference | |
|---|---|---|---|
| 1. | Ability-to-Repay and Qualified Mortgage Standards Under the Truth in Lending Act | This regulation does not state or imply that a policy must be implemented by a Board of Directors | 12 CFR 1026 as amended by 78 FR 35429 |
| 2. | Application of Regulation Zs Ability-to-Repay Rule to Certain Situations Involving Successors-in-Interest | This short rule lacks commentary and merely articulates the Bureaus interpretation of Regulation Z, and the Truth-in-Lending Act. It does not detail requirements for implementing the policy | 12 CFR 1026 as amended by 79 FR 41631 |
| 3. | Bank Bribery Law | Adopt internal codes of conduct or written policies to include explanation of general prohibitions of bank bribery law, alert credit union officials about bank bribery statute, as well as establish and enforce written policies on acceptable business practices | Interpretative Ruling and Policy Statement 87-1 |
| 4. | Bank Secrecy Act Compliance Policy
| CU must establish and maintain written compliance program for the BSA. CIP Policy prevents money laundering and terrorist financing scheme | 12 CFR 748.2(b); pt. 751.214 for state-chartered credit unions |
| 5. | Chartering and Field of Membership Manual | The Chartering and Field of Membership Manual must be implemented by a Board. Associational common bond provisions expanded | 12 CFR 701 as amended by 81 FR 88412 |
| 6. | Childrens Online Privacy Protection ACT (COPPA) Compliance Policy | Adopt a policy for implementing COPPA that includes providing a privacy notice on website and a notice to parents | 16 C.F.R. pt. 312.4 |
| 7. | Compliance Policy/Program | Each CU should have a compliance officer that is responsible for general compliance. Additionally, officers in different divisions should be responsible for compliance in their divisions | See Compliance Manual at 8 |
| 8. | Consumer Leasing Act Policy (Regulation M) | This recent amendment lacks commentary and relates to a change that is technical and applies the calculation method set forth elsewhere | 12 CFR 1013 and 12 CFR 213 as amended by 81 FR 86256 |
| 9. | Contingency Funding Plan | Sets out strategies for addressing liquidity shortfalls in emergency situations | 12 CFR 741.12; NCUA Supervisory Letter No. 14-03 |
| 10. | Credit by Banks and Persons Other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin Stock | Adopt comprehensive procedures for implementing Reg. U (if applicable) | Reg. U |
| 11. | Credit Practices Policy | Adopt policy re: credit practices | 12 CFR pt. 706 |
| 12. | Credit Union Service Organizations | The Board of Directors must perform the necessary due diligence to ensure each CUSO complies with all regulations. The final rule requires a FICU to obtain a written agreement from a Credit Union before investing in or lending to the CUSO. This written agreement must provide that the CUSO will annually submit, pursuant to NCUA guidance, a report containing general registration information directly to NCUA and the appropriate SSA | 12 CFR 712 and 12 CFR 741 as amended by 78 FR 72537 |
| 13. | Definition of the Term Fiduciary; Conflict of Interest Rule- Retirement Investment Advice | Under Footnote 4, it relays some of the commentary regarding the implementation procedures, stating the procedures for implementation include drafting and implementing training for staff, drafting client correspondence and explanations of revised product and service offerings, negotiating changes to agreements with product manufacturers to facilitate compliance, and changing employee and agent compensation structures, among other things. There is no reference to implementation via a Board of Directors | 29 CFR 2509, 29 CFR 2510, and 29 CFR 2550 as amended by 82 FR 16902 |
| 14. | Denial of Services | Adopt a policy to limit or restrict member services | NCUA Office of General Counsel |
| 15. | Derivatives Policy | A federal credit union with derivatives authority must operate according to a comprehensive written policy | 12 CFR pt. 703, Subpart B, 12 CFR 703.106 |
| 16. | Disaster Recovery and Business Resumption Contingency Plan | Develop contingency plan in preparation of disaster or other event to ensure uninterrupted service to members | NCUA Letter 01-CU-21; NCUA Letter 08-CU-07 FFIEC Updated Business Continuity Planning Examination Handbook; NCUA Letter 08-CU-01; Risk Alert 06-Risk-01; 12 CFR pt. 748; 12 CFR pt. 749 |
| 17. | Disclosure and Delivery Requirements for Copies of Appraisals and Other written Valuations Under the Equal Credit Opportunity Act (Regulation B) | This regulation does not state or imply that it must be implemented by a Board of Directors | 12 CFR 1002 as amended by 78 FR 7215 |
| 18. | Dividend Nondiscriminatory Policy | To establish dividend periods, dividend credit determination dates, distribution dates, any associated penalties, and the method of dividend computation | Appendix C to 12 CFR Part 707 |
| 19. | Electronic Fund Transfer Act Policy (EFT) | Adopt policy implementing Reg. E | Reg. E |
| 20. | Employee Incentive or Bonus Policy | Adopt policy for incentives to an employee in connection with loans made by all except senior management | 12 CFR 701.21(c)(8)(iii)(c) |
| 21. | Equal Credit Opportunity Act Policy | Ensure compliance with ECOA and adopt non-discrimination policy for credit transactions | Reg. B; 12 CFR pt. 1002 |
| 22. | E-Sign Act Policy | Adopt policy and procedures regarding use of electronic records | NCUA Compliance Manual; E-Sign Act 101(C)(1) |
| 23. | Expedited Funds Availability Act Policy | Adopt policies to comply with Regulation CC and all related regulatory requirements. This includes adopting:
| Reg. CC |
| 24. | Fair Credit Reporting Act Policy | Ensure procedures are in place for implementing and complying with FCRA | FCRA |
| 25. | Fair Debt Collection Practices Act Policy | Ensure procedures are in place for implementing and complying with FDCPA | FDCPA |
| 26. | Fair Housing Act Policy | Board must ensure that policy for implementing FHA does not tolerate illicit discrimination in any transaction relating to residential real-estate | FHA; 24 CFR pt. 100 |
| 27. | Federal Credit Union Ownership of Fixed Assets | The rule requires supervisory guidance and states that such guidance will reflect current supervisory expectations that require an FCU to demonstrate appropriate due diligence, ongoing Board and management oversight, and prudent financial analysis to ensure the FCU can afford any impact on earnings and net worth levels caused by its purchase of fixed assets. Additionally, under Footnote 16 it states, the credit unions Board needs to approve plans for any investment in fixed assets that will materially affect the credit unions earning and that credit union management should only purchase fixed assets in compliance with policy approved by the credit unions Board | 12 CFR 701 as amended by 80 FR 45844 |
| 28. | Fiduciary Duties Policy | Adopt policy that specifies the fiduciary duties of the Board of Directors | 12 CFR 701.4 |
| 29. | Financial Education Program for the Board of Directors | Implement a policy that makes training available for enhancing the financial knowledge of the directors | NCUA Letter to Federal Credit Unions 11-FCU-02 12; 12 CFR 701.4 |
| 30. | Flood Disaster Protection Act Policy or National Flood Insurance Act Compliance Policy | Adopt policy for implementing National Flood Insurance Act | FDPA; 12 CFR pt. 760 |
| 31. | Foreclosure and Repossession Policy | Adopt policy to address mortgage foreclosure concerns | NCUA Accounting Manual for FCUs; See NCUA Letter to Credit Unions 11-CU-01; NCUA Letter 08-CU-25 |
| 32. | High-Cost Mortgage and Homeownership Counseling Amendments to the Truth in Lending Act (Regulation Z) and Homeownership Counseling Amendments to the Real Estate Settlement Procedures Act (Regulation X) | This regulation does not state or imply that it must be implemented by a Board of Directors | 12 CFR 1024 and 12 CFR 1026 as amended by 78 FR 6855 |
| 33. | Home Mortgage Disclosure (Regulation C) Adjustment to Asset-Size Exemption Threshold | The amendment to this final rule is technical and non-discretionary, and it merely applies the formula established by Regulation C for determining any adjustments to the exemption threshold | 12 CFR 1003 as amended by 80 FR 79673 |
| 34. | Home Mortgage Disclosure Act Policy | Adopt policy for implementing HMDA when collecting and maintaining accurate of covered loans/applications | Reg. C |
| 35. | Homeowner’s Protection Act (HOPA) | Adopt HOPA compliance policies because NCUA may enforce HOPA | HOPA |
| 36. | Indirect Lending Policies | Adopt comprehensive policies re: indirect lending, including underwriting and monitoring, and clear policies for selecting third party vendors | NCUA Letter to Credit Unions, Letter No. 10-CU-15 |
| 37. | Information Security Program | Each CU must institute a written security program to protect CU from robberies, etc., prevent destruction of vital records, layered security, member account authentication, multifactor identification of members, and risk assessment process | 12 CFR pt. 748; 12 CFR pt. 749; NCUA Letter to Credit Unions, 11-CU-09, 05-CU-18, 06-CU-13; FFIEC Supplement to Authentication in an Internet Banking Enviroment |
| 38. | Interest Rate Risk Policy | Adopt policies as part of the asset liability management of the credit union | 12 CFR pt. 741 |
| 39. | Investment and Deposit Activities-Bank Notes | The NCUA Board (Board) is finalizing a rule that amends the maturity requirement for bank notes to be permissible investments for federal credit unions (FCUs) by removing the word original from the current requirement that bank notes have “original weighted average maturities of less than 5 years” | 12 CFR 703 as amended by 81 FR 17601 |
| 40. | Investment Policy | Adopt policies re: liquidity, investment objectives, cash deposits, etc. Review annually (can be part of a broader ALM policy) | 12 CFR 703.3; Supervisory Letter No. 14-03 |
| 41. | Liquidity and Contingency Funding Policy | The final rule requires FICUS with less than $50 million in assets to maintain a basic written policy that provides a credit union board-approved framework for managing liquidity and a list of contingent liquidity sources that can be employed under adverse circumstances. Additionally, the policy establishes a reporting requirement to keep the Board apprised of the institution’s liquidity position | 12 CFR Part 741.12 |
| 42. | Loans Participation Policy | Adopt policies re: member loan participation policies and procedures | 12 CFR 701.22 (b) and (c) |
| 43. | Loan Workout Policy | Develop written policy and standards that control the use of loan workouts | Appendix C to 12 CFR pt. 741 |
| 44. | Loans and Lines of Credit Policies/Loan Incentive Practices | Written policies for loans and lines of credit consistent with the relevant provisions applicable laws and regulations; to contain real estate leanding policies related to appraisal and evaluation program | Interagency Appraisal & Evaluation Guidelines; 12 CFR 701.21 (c)(2); 12 CFR 741.3; 12 CFR 701.21 (c)(8) |
| 45. | Management Officials Interlocks Act Compliance Policy | Adopt compliance policy for Interlocks Act | 12 U.S.C. 1823(k), 3207; 12 CFR pt. 711.4-.6 |
| 46. | Member Business Loan Policy; Commercial Lending | Establish guidelines and overall lending strategy to integrate with overall asset liability management. There are numerous procedures required of a Board of Directors. First, a credit union’s Board of Directors is ultimately responsible for the credit union’s commercial loan risk, and… the Board must establish adequate controls and provide sound governance for the credit union’s commercial lending program. A credit union’s Board of Directors can delegate the responsibility to a committee. However, the Board of Directors is ultimately accountable for the safety and soundness of the credit union’s commercial lending activities. | 12 CFR pt. 723, NCUA Letter to Credit Unions 10-CU-02; 12 CFR 701, and 12 CFR 741 as amended by 81 FR 13529 |
| 47. | Military Lending Act – Limitations on Terms of Consumer Credit Extended to Service Members and Dependents | There is no discussion regarding board-approved procedures or Board requirements | 32 CFR 232 as amended by 80 FR 43559 |
| 48. | Office of Foreign Asset Control (OFAC) Policy and Procedure | Credit Unions must monitor all financial transactions performed by or through in order to detect entities/persons subject to OFAC laws and regulations (see also BSA) | Various OFAC laws and regulations |
| 49. | Overdraft Policy | Develop written policy that sets a cap on th total dollar amount of all overdrafts the CU will honor, establish any applicable fees, establish time limit for repayment, etc. | 12 CFR 701.21 (c)(3) |
| 50. | Preservation of Consumer Claims and Defense Policy (Holder in Due Course) | Board must adopt policy for implementing the Preservation of Consumers’ Claims and Defenses Rule | FTC Holder in Due Course Rule – 16 CFR pt. 433.2 |
| 51. | Privacy Policy | Adopt policy re: non-disclosure of nonpublic information, to determine whether nonpublic information will be shared and proper delivery of disclosures | 12 CFR pt. 1016 |
| 52. | Purchase, Sale, and Pledge of Eligible Obligations Policy | Written Policies that address the credit union’s purchase, sale, or pledge of all or part of a loan of its members should address incentive or bonus payments to employees if using this practice | 12 CFR 701.23 |
| 53. | Real Estate Settlement Procedures Act policy | Adopt policy for implementing RESPA and Reg. X. This includes explaining coverage of regulation, exemption, and disclosure requirements | 24 CFR pt. 3500; Reg. X |
| 54. | Records Preservation Program and Record Retention Policy | Adopt vital records preservation program and document retention policy | 12 CFR pt. 749 |
| 55. | Reimbursement for Providing Financial Records Policy | Adopt policy for implementing Reg. S for collecting expenses associated with assembling and copying subpoenaed members’ records | Reg. S |
| 56. | Reserves on Transaction Accounts | Adopt policy for implementing Regulation D | Reg. D |
| 57. | Risk-Based Lending Policies | Policies that define parameters of risks assumed and internal controls; manage risks; implement information systems or monitoring information | See NCUA Letter to Credit Unions, Letter No. 99-CU-05 |
| 58. | Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) Compliance Policies | Establish written policies providing basic framework for compliance with SAFE Act (if employing one or more mortgage loan originators). Policies appropriate for the size/complexity/scope of mortgage lending activities | Reg. G; 12 CFR pt. 1007 and Appendix A; NCUA Letter to Credit Unions, Letter No. 10-CU-13 |
| 59. | Service-members’ Civil Relief Act Policy | Adopt policy for implementing SCRA | See Compliance Manual; 50 U.S.C. App. 526 |
| 60. | Truth in Lending Act | Adopt policy for implementing Truth in Lending Act | Reg. Z |
| 61. | Truth in Lending (Regulation Z) Annual Threshold Adjustments (CARD ACT, HOEPA and ATR/QM) | This is a recent technical change in the formula, as the regulation states the amendments in this final rule are technical and nondiscretionary, and they merely apply the method previously established in Regulation Z for determining adjustments to the thresholds | 12 CFR 1026 as amended by 29 FR 48015 |
| 62. | Truth in Lending Act (Regulation Z) Adjustment to Asset-Size Exemption Threshold | This also appears to be a technical change in the formula | 12 CFR 1026 as amended by 81 FR 93581 |
| 63. | Truth in Savings Act Compliance Policy | Adopt a policy for implementing Truth in Savings Act, this includes adopting proocedures related to activities like: account opening disclosure, dividend calculations, subsequent disclosures, member inquiries, training, record retention, advertising, monitoring | 12 CFR pt. 707 |
| 64. | Unfair or Deceptive Acts or Practices | The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) repealed NCUA’s rulemaking authority under the Federal Trade Commission Act (FTC Act). As a result, the NCUA Board (Board) is now repealing NCUA’s regulations governing unfair or deceptive acts or practices. Additionally, the Board is amending NCUA’s payday alternative loans regulation to replace all references to short-term, small amount loans | 12 CFR 701, 12 CFR 706, and 12 CFR 790 as amended by 79 CFR 10/03/2014 |
| 65. | Unlawful Internet Gambling Enforcement Act (UIGEA) Policy | Establish policies and procedures that are reasonably designed to identify and block or otherwise prevent restricted transactions | Unlawful Internet Gambling Enforccement Act of 2006 |
| 66. | Volunteer Reimbursement Policy | Board members and other volunteers must abide by approved Board reimbursement policies | 12 CFR 701.33 |
| 67. | Website Policy | Written policies or procedures to address implementation and ongoing management of website | NCUA Letter to Credit Unions, 02-CU-17; NCUA e-Commerce Guide for Credit Unions |
The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2019.