Credit Union Legal Update – NCUA’s List of Required Policies for Board of Directors of Credit Unions

By , Credit Union

Dozens of new regulations, or amendments to regulations, require new credit union policies. Yet regulators often fail to specify if board action is required regarding a credit union policy. Several years ago, we published an analysis of which policies require action and due to popular demand, Kaufman & Canoles has updated it and brings the new analysis to its readers.

 Required PolicyExecutive SummaryRegulation/Reference
1.Ability-to-Repay and Qualified Mortgage Standards Under the Truth in Lending ActThis regulation does not state or imply that a policy must be implemented by a Board of Directors12 CFR 1026 as amended by 78 FR 35429
2.Application of Regulation Zs Ability-to-Repay Rule to Certain Situations Involving Successors-in-InterestThis short rule lacks commentary and merely articulates the Bureaus interpretation of Regulation Z, and the Truth-in-Lending Act. It does not detail requirements for implementing the policy12 CFR 1026 as amended by 79 FR 41631
3.Bank Bribery LawAdopt internal codes of conduct or written policies to include explanation of general prohibitions of bank bribery law, alert credit union officials about bank bribery statute, as well as establish and enforce written policies on acceptable business practicesInterpretative Ruling and Policy Statement 87-1

Bank Secrecy Act Compliance Policy

  • Customer Identification Program (CIP) Policy that is required by 326 of the Patriot Act
  • Anti-Money Laundering Program
CU must establish and maintain written compliance program for the BSA. CIP Policy prevents money laundering and terrorist financing scheme12 CFR 748.2(b); pt. 751.214 for state-chartered credit unions
5.Chartering and Field of Membership ManualThe Chartering and Field of Membership Manual must be implemented by a Board. Associational common bond provisions expanded12 CFR 701 as amended by 81 FR 88412
6.Childrens Online Privacy Protection ACT (COPPA) Compliance PolicyAdopt a policy for implementing COPPA that includes providing a privacy notice on website and a notice to parents16 C.F.R. pt. 312.4
7.Compliance Policy/ProgramEach CU should have a compliance officer that is responsible for general compliance. Additionally, officers in different divisions should be responsible for compliance in their divisionsSee Compliance Manual at 8
8.Consumer Leasing Act Policy (Regulation M)This recent amendment lacks commentary and relates to a change that is technical and applies the calculation method set forth elsewhere12 CFR 1013 and 12 CFR 213 as amended by 81 FR 86256
9.Contingency Funding PlanSets out strategies for addressing liquidity shortfalls in emergency situations12 CFR 741.12; NCUA Supervisory Letter No. 14-03
10.Credit by Banks and Persons Other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin StockAdopt comprehensive procedures for implementing Reg. U (if applicable)Reg. U
11.Credit Practices PolicyAdopt policy re: credit practices12 CFR pt. 706
12.Credit Union Service OrganizationsThe Board of Directors must perform the necessary due diligence to ensure each CUSO complies with all regulations. The final rule requires a FICU to obtain a written agreement from a Credit Union before investing in or lending to the CUSO. This written agreement must provide that the CUSO will annually submit, pursuant to NCUA guidance, a report containing general registration information directly to NCUA and the appropriate SSA12 CFR 712 and 12 CFR 741 as amended by 78 FR 72537
13.Definition of the Term Fiduciary; Conflict of Interest Rule- Retirement Investment AdviceUnder Footnote 4, it relays some of the commentary regarding the implementation procedures, stating the procedures for implementation include drafting and implementing training for staff, drafting client correspondence and explanations of revised product and service offerings, negotiating changes to agreements with product manufacturers to facilitate compliance, and changing employee and agent compensation structures, among other things. There is no reference to implementation via a Board of Directors29 CFR 2509, 29 CFR 2510, and 29 CFR 2550 as amended by 82 FR 16902
14.Denial of ServicesAdopt a policy to limit or restrict member servicesNCUA Office of General Counsel
15.Derivatives PolicyA federal credit union with derivatives authority must operate according to a comprehensive written policy12 CFR pt. 703, Subpart B, 12 CFR 703.106
16.Disaster Recovery and Business Resumption Contingency PlanDevelop contingency plan in preparation of disaster or other event to ensure uninterrupted service to membersNCUA Letter 01-CU-21; NCUA Letter 08-CU-07 FFIEC Updated Business Continuity Planning Examination Handbook; NCUA Letter 08-CU-01; Risk Alert 06-Risk-01; 12 CFR pt. 748; 12 CFR pt. 749
17.Disclosure and Delivery Requirements for Copies of Appraisals and Other written Valuations Under the Equal Credit Opportunity Act (Regulation B)This regulation does not state or imply that it must be implemented by a Board of Directors12 CFR 1002 as amended by 78 FR 7215
18.Dividend Nondiscriminatory PolicyTo establish dividend periods, dividend credit determination dates, distribution dates, any associated penalties, and the method of dividend computationAppendix C to 12 CFR Part 707
19.Electronic Fund Transfer Act Policy (EFT)Adopt policy implementing Reg. EReg. E
20.Employee Incentive or Bonus PolicyAdopt policy for incentives to an employee in connection with loans made by all except senior management12 CFR 701.21(c)(8)(iii)(c)
21.Equal Credit Opportunity Act PolicyEnsure compliance with ECOA and adopt non-discrimination policy for credit transactionsReg. B; 12 CFR pt. 1002
22.E-Sign Act PolicyAdopt policy and procedures regarding use of electronic recordsNCUA Compliance Manual; E-Sign Act 101(C)(1)
23.Expedited Funds Availability Act Policy

Adopt policies to comply with Regulation CC and all related regulatory requirements. This includes adopting:

  • Funds Availability Policy
  • Notices of Changes in Availability Policy
Reg. CC
24.Fair Credit Reporting Act PolicyEnsure procedures are in place for implementing and complying with FCRAFCRA
25.Fair Debt Collection Practices Act PolicyEnsure procedures are in place for implementing and complying with FDCPAFDCPA
26.Fair Housing Act PolicyBoard must ensure that policy for implementing FHA does not tolerate illicit discrimination in any transaction relating to residential real-estateFHA; 24 CFR pt. 100
27.Federal Credit Union Ownership of Fixed AssetsThe rule requires supervisory guidance and states that such guidance will reflect current supervisory expectations that require an FCU to demonstrate appropriate due diligence, ongoing Board and management oversight, and prudent financial analysis to ensure the FCU can afford any impact on earnings and net worth levels caused by its purchase of fixed assets. Additionally, under Footnote 16 it states, the credit unions Board needs to approve plans for any investment in fixed assets that will materially affect the credit unions earning and that credit union management should only purchase fixed assets in compliance with policy approved by the credit unions Board12 CFR 701 as amended by 80 FR 45844
28.Fiduciary Duties PolicyAdopt policy that specifies the fiduciary duties of the Board of Directors12 CFR 701.4
29.Financial Education Program for the Board of DirectorsImplement a policy that makes training available for enhancing the financial knowledge of the directorsNCUA Letter to Federal Credit Unions 11-FCU-02 12; 12 CFR 701.4
30.Flood Disaster Protection Act Policy or National Flood Insurance Act Compliance PolicyAdopt policy for implementing National Flood Insurance ActFDPA; 12 CFR pt. 760
31.Foreclosure and Repossession PolicyAdopt policy to address mortgage foreclosure concernsNCUA Accounting Manual for FCUs; See NCUA Letter to Credit Unions 11-CU-01; NCUA Letter 08-CU-25
32.High-Cost Mortgage and Homeownership Counseling Amendments to the Truth in Lending Act (Regulation Z) and Homeownership Counseling Amendments to the Real Estate Settlement Procedures Act (Regulation X)This regulation does not state or imply that it must be implemented by a Board of Directors12 CFR 1024 and 12 CFR 1026 as amended by 78 FR 6855
33.Home Mortgage Disclosure (Regulation C) Adjustment to Asset-Size Exemption ThresholdThe amendment to this final rule is technical and non-discretionary, and it merely applies the formula established by Regulation C for determining any adjustments to the exemption threshold12 CFR 1003 as amended by 80 FR 79673
34.Home Mortgage Disclosure Act PolicyAdopt policy for implementing HMDA when collecting and maintaining accurate of covered loans/applicationsReg. C
35.Homeowner’s Protection Act (HOPA)Adopt HOPA compliance policies because NCUA may enforce HOPAHOPA
36.Indirect Lending PoliciesAdopt comprehensive policies re: indirect lending, including underwriting and monitoring, and clear policies for selecting third party vendorsNCUA Letter to Credit Unions, Letter No. 10-CU-15
37.Information Security ProgramEach CU must institute a written security program to protect CU from robberies, etc., prevent destruction of vital records, layered security, member account authentication, multifactor identification of members, and risk assessment process12 CFR pt. 748; 12 CFR pt. 749; NCUA Letter to Credit Unions, 11-CU-09, 05-CU-18, 06-CU-13; FFIEC Supplement to Authentication in an Internet Banking Enviroment
38.Interest Rate Risk PolicyAdopt policies as part of the asset liability management of the credit union12 CFR pt. 741
39.Investment and Deposit Activities-Bank NotesThe NCUA Board (Board) is finalizing a rule that amends the maturity requirement for bank notes to be permissible investments for federal credit unions (FCUs) by removing the word original from the current requirement that bank notes have “original weighted average maturities of less than 5 years”12 CFR 703 as amended by 81 FR 17601
40.Investment PolicyAdopt policies re: liquidity, investment objectives, cash deposits, etc. Review annually (can be part of a broader ALM policy)12 CFR 703.3; Supervisory Letter No. 14-03
41.Liquidity and Contingency Funding PolicyThe final rule requires FICUS with less than $50 million in assets to maintain a basic written policy that provides a credit union board-approved framework for managing liquidity and a list of contingent liquidity sources that can be employed under adverse circumstances. Additionally, the policy establishes a reporting requirement to keep the Board apprised of the institution’s liquidity position12 CFR Part 741.12
42.Loans Participation PolicyAdopt policies re: member loan participation policies and procedures12 CFR 701.22 (b) and (c)
43.Loan Workout PolicyDevelop written policy and standards that control the use of loan workoutsAppendix C to 12 CFR pt. 741
44.Loans and Lines of Credit Policies/Loan Incentive PracticesWritten policies for loans and lines of credit consistent with the relevant provisions applicable laws and regulations; to contain real estate leanding policies related to appraisal and evaluation programInteragency Appraisal & Evaluation Guidelines; 12 CFR 701.21 (c)(2); 12 CFR 741.3; 12 CFR 701.21 (c)(8)
45.Management Officials Interlocks Act Compliance PolicyAdopt compliance policy for Interlocks Act12 U.S.C. 1823(k), 3207; 12 CFR pt. 711.4-.6
46.Member Business Loan Policy; Commercial LendingEstablish guidelines and overall lending strategy to integrate with overall asset liability management.
There are numerous procedures required of a Board of Directors. First, a credit union’s Board of Directors is ultimately responsible for the credit union’s commercial loan risk, and… the Board must establish adequate controls and provide sound governance for the credit union’s commercial lending program.
A credit union’s Board of Directors can delegate the responsibility to a committee. However, the Board of Directors is ultimately accountable for the safety and soundness of the credit union’s commercial lending activities.
12 CFR pt. 723, NCUA Letter to Credit Unions 10-CU-02; 12 CFR 701, and 12 CFR 741 as amended by 81 FR 13529
47.Military Lending Act – Limitations on Terms of Consumer Credit Extended to Service Members and DependentsThere is no discussion regarding board-approved procedures or Board requirements32 CFR 232 as amended by 80 FR 43559
48.Office of Foreign Asset Control (OFAC) Policy and ProcedureCredit Unions must monitor all financial transactions performed by or through in order to detect entities/persons subject to OFAC laws and regulations (see also BSA)Various OFAC laws and regulations
49.Overdraft PolicyDevelop written policy that sets a cap on th total dollar amount of all overdrafts the CU will honor, establish any applicable fees, establish time limit for repayment, etc.12 CFR 701.21 (c)(3)
50.Preservation of Consumer Claims and Defense Policy (Holder in Due Course)Board must adopt policy for implementing the Preservation of Consumers’ Claims and Defenses RuleFTC Holder in Due Course Rule – 16 CFR pt. 433.2
51.Privacy PolicyAdopt policy re: non-disclosure of nonpublic information, to determine whether nonpublic information will be shared and proper delivery of disclosures12 CFR pt. 1016
52.Purchase, Sale, and Pledge of Eligible Obligations PolicyWritten Policies that address the credit union’s purchase, sale, or pledge of all or part of a loan of its members should address incentive or bonus payments to employees if using this practice12 CFR 701.23
53.Real Estate Settlement Procedures Act policyAdopt policy for implementing RESPA and Reg. X. This includes explaining coverage of regulation, exemption, and disclosure requirements24 CFR pt. 3500; Reg. X
54.Records Preservation Program and Record Retention PolicyAdopt vital records preservation program and document retention policy12 CFR pt. 749
55.Reimbursement for Providing Financial Records PolicyAdopt policy for implementing Reg. S for collecting expenses associated with assembling and copying subpoenaed members’ recordsReg. S
56.Reserves on Transaction AccountsAdopt policy for implementing Regulation DReg. D
57.Risk-Based Lending PoliciesPolicies that define parameters of risks assumed and internal controls; manage risks; implement information systems or monitoring informationSee NCUA Letter to Credit Unions, Letter No. 99-CU-05
58.Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) Compliance PoliciesEstablish written policies providing basic framework for compliance with SAFE Act (if employing one or more mortgage loan originators). Policies appropriate for the size/complexity/scope of mortgage lending activitiesReg. G; 12 CFR pt. 1007 and Appendix A; NCUA Letter to Credit Unions, Letter No. 10-CU-13
59.Service-members’ Civil Relief Act PolicyAdopt policy for implementing SCRASee Compliance Manual; 50 U.S.C. App. 526
60.Truth in Lending ActAdopt policy for implementing Truth in Lending ActReg. Z
61.Truth in Lending (Regulation Z) Annual Threshold Adjustments (CARD ACT, HOEPA and ATR/QM)This is a recent technical change in the formula, as the regulation states the amendments in this final rule are technical and nondiscretionary, and they merely apply the method previously established in Regulation Z for determining adjustments to the thresholds12 CFR 1026 as amended by 29 FR 48015
62.Truth in Lending Act (Regulation Z) Adjustment to Asset-Size Exemption ThresholdThis also appears to be a technical change in the formula12 CFR 1026 as amended by 81 FR 93581
63.Truth in Savings Act Compliance PolicyAdopt a policy for implementing Truth in Savings Act, this includes adopting proocedures related to activities like: account opening disclosure, dividend calculations, subsequent disclosures, member inquiries, training, record retention, advertising, monitoring12 CFR pt. 707
64.Unfair or Deceptive Acts or PracticesThe Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) repealed NCUA’s rulemaking authority under the Federal Trade Commission Act (FTC Act). As a result, the NCUA Board (Board) is now repealing NCUA’s regulations governing unfair or deceptive acts or practices. Additionally, the Board is amending NCUA’s payday alternative loans regulation to replace all references to short-term, small amount loans12 CFR 701, 12 CFR 706, and 12 CFR 790 as amended by 79 CFR 10/03/2014
65.Unlawful Internet Gambling Enforcement Act (UIGEA) PolicyEstablish policies and procedures that are reasonably designed to identify and block or otherwise prevent restricted transactionsUnlawful Internet Gambling Enforccement Act of 2006
66.Volunteer Reimbursement PolicyBoard members and other volunteers must abide by approved Board reimbursement policies12 CFR 701.33
67.Website PolicyWritten policies or procedures to address implementation and ongoing management of websiteNCUA Letter to Credit Unions, 02-CU-17; NCUA e-Commerce Guide for Credit Unions


The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2020.