NCUA Rules and Regulations Part 748, Appendix B

36 Under 12 CFR Part 748, appendix A, a credit union's member information systems consists of all of the methods used to access, collect, store, use, transmit, protect, or dispose of member information, including the systems maintained by its service providers. Access restrictions at physical locations containing member information, such as buildings, computer facilities, and records storage facilities to permit access only to authorized individuals; c. Encryption of electronic member information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access; d. Procedures designed to ensure that member information system modifications are consistent with the credit union's information security program; e. Dual controls procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to member information; f. Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into member information systems; g. Response programs that specify actions to be taken when the credit union suspects or detects that unauthorized individuals have gained access to member information systems, including appropriate reports to regulatory and law enforcement agencies; and. See 12 CFR Part 748, appendix A, Paragraph I.C.2.d. It also should generally describe what the credit union has done to protect the members' information from further unauthorized access. c. Consistent with the NCUA's Suspicious Activity Report (SAR) regulations,[39] notifying appropriate law enforcement authorities, in addition to filing a timely SAR in situations involving Federal criminal violations requiring immediate attention, such as when a reportable violation is ongoing; d.
Taking appropriate steps to contain and control the incident to prevent further unauthorized access to or use of member information, for example, by monitoring, freezing, or closing affected accounts, while preserving records and other evidence;[40] and. In situations involving violations requiring immediate attention, such as ongoing money laundering schemes, a credit union must immediately notify, by telephone, an appropriate law enforcement authority and its supervisory authority, in addition to filing a SAR. II. 33. (Approved by the Office of Management and Budget under control number 3133-0094), [52 FR 2861, Jan. 27, 1987, as amended at 52 FR 8062, Mar. B. Definitions. Further, the NCUA notes that, in addition to contractual obligations to a credit union, a service provider may be required to implement its own comprehensive information security program in accordance with the Safeguards Rule promulgated by the Federal Trade Commission (FTC), 12 CFR Part 314. i. ii. 33 See appendix A, Paragraph III.B. Accordingly, the NCUA amended Part 748 of its rules to require credit unions to develop appropriate security programs, and issued appendix A, reflecting its expectation that every federally insured credit union would develop an information security program designed to: 1. This content is from the eCFR and is authoritative but unofficial. 3. Guidelines for Safeguarding Member Information, III. 32 See appendix A, Paragraph III.C. 40 See FFIEC Information Technology Examination Handbook, Information Security Booklet, (December 2002), pp.
The report should discuss material matters related to its program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management's responses; and recommendations for changes in the information security program. [32], Appendix A advises every credit union to require its service providers by contract to implement appropriate measures designed to protect against unauthorized access to or use of member information that could result in substantial harm or inconvenience to any member.[33]. Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems; 2. Appendix A directs every credit union to assess the following risks, among others, when developing its information security program: a. In addition, each credit union should be able to address incidents of unauthorized access to member information in member information systems maintained by its domestic and foreign service providers. 34 The FTC estimates that nearly 10 million Americans discovered they were victims of some form of identity theft in 2002. 36 A response program should be a key part of a credit union's information security program. 748.0 (b) (2). 2. As credit unions grow larger and more complex, the regulatory framework must keep pace to maintain the strength and stability of the entire credit union system. For purposes of this Guidance, sensitive member information means a member's name, address, or telephone number, in conjunction with the member's social security number, driver's license number, account number, credit or debit card number, or a personal identification number or password that would permit access to the member's account.
Following the assessment of these risks, appendix A directs a credit union to design a program to address the identified risks. 2. Each federally insured credit union is subject to the requirements of 31 U.S.C. ii. 12 U.S.C. and III.D. i. Substantial harm or inconvenience is most likely to result from improper access to sensitive member information because this type of information is most likely to be misused, as in the commission of identity theft. See 12 CFR Part 748, appendix A, Paragraph I.C.2.d. In no case may a credit union take more than 60 days from the date it initially detects a reportable transaction to file a SAR. 41 The notice also should remind members of the need to remain vigilant over the next twelve to twenty-four months, and to promptly report incidents of suspected identity theft to the credit union. 748, App. At a minimum, the credit union should consider the specific security measures enumerated in appendix A,[31] and adopt those that are appropriate for the credit union, including: a. (c) Suspicious Activity Report. Rules and Regulations. Notifying members of a security incident involving the unauthorized access or use of the member's information in accordance with the standard set forth below is a key part of that duty. 37 See FFIEC Information Technology Examination Handbook, Information Security Booklet, (December, 2002), available at http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.htm1#infosec, for additional guidance on preventing, detecting, and responding to intrusions into financial institution computer systems. 1.
Transaction for purposes of this paragraph means a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, share certificate, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected. "The Board is also issuing an . For example, the term member information is the same term used in appendix A, and means any record containing nonpublic personal information about a member, whether in paper, electronic, or other form, maintained by or on behalf of the credit union. If a credit union, based upon its investigation, can determine from its logs or other data precisely which members' information has been improperly accessed, it may limit notification to those members with regard to whom the credit union determines that misuse of their information has occurred or is reasonably possible. B. Definitions. [36] A response program should be a key part of a credit union's information security program. 40 and. A federally insured, state-chartered credit union should also have procedures to notify their state supervisory authority as well. In general. Design its information security program to control the identified risks, commensurate with the sensitivity of the information as well as the complexity and scope of the credit union's activities. Training and documentation of training to ensure all employees and volunteer officials are aware of procedures to follow in the event of destruction of vital records or loss of vital member services; and. Within a reasonable time after a catastrophic act occurs, the credit union shall ensure that a record of the incident is prepared and filed at its main office. 1786(g). A.
30. VII (1-1-10 Edition) 30 See 12 CFR Part 748, appendix A, Paragraph III.B. subchapter II of chapter 53 of title 31, United States Code, Appendix A to Part 748 - Guidelines for Safeguarding Member Information, Appendix B to Part 748 - Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice, http://www.ftc.gov/os/2003/09synovatereport.pdf, http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.htm1#infosec, http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.htm1#outscouring. b. National Credit Union Administration Pt. 35 Credit unions should also conduct background checks of employees to ensure that the credit union does not violate 12 U.S.C. Supporting documentation is considered a part of the filed report even though it should not be actually filed with the submitted report. Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of member information; and. Therefore, consistent with the obligations in this Guidance that relate to these arrangements, and with existing guidance on this topic issued by the NCUA, [35] However, every credit union should also develop and implement a risk-based response program to address incidents of unauthorized access to member information in member information systems that occur nonetheless.
When a credit union becomes aware of an incident of unauthorized access to sensitive member information, the credit union should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. 1785(d), which prohibits a credit union from hiring an individual convicted of certain criminal offenses or who is subject to a prohibition order under 12 U.S.C. vii. 38 a credit union's contract with its service provider should require the service provider to take appropriate actions to address incidents of unauthorized access to or use of the credit union's member information, including notification of the credit union as soon as possible of any such incident, to enable the institution to expeditiously implement its response program. See The Federal Trade Commission, Identity Theft Survey Report, (September 2003), available at http://www.ftc.gov/os/2003/09synovatereport.pdf. Appendix B to Part 748 of NCUA's Rules and Regulations also states that a credit union's response program should contain procedures for notifying the appropriate NCUA regional director. Under Part 748.0, a credit union must protect against unauthorized access to or use of member information that could result in substantial harm or inconvenience to any member. A credit union must file a report if it knows, suspects, or has reason to suspect that any crime or any suspicious transaction related to money laundering activity or a violation of the Bank Secrecy Act has occurred. 2.
These Guidelines also address standards with respect to the proper disposal of consumer information pursuant to sections 621(b) and 628 of the Fair Credit Reporting Act (15 U.S.C. In addition, it should include a telephone number that members can call for further information and assistance. Protect against any anticipated threats or hazards to the security or integrity of such information; and. [40] See FFIEC Information Technology Examination Handbook, Information Security Booklet, (December 2002), pp. If it is determined before filing this report that the identified suspect or group of suspects has used an alias, then information regarding the true identity of the suspect or group of suspects, as well as alias identifiers, such as drivers' licenses or social security numbers, addresses and telephone numbers, must be reported; (iii) Transactions aggregating $25,000 or more regardless of potential suspects. B. Assess Risk. 04-CU-03, Suspicious Activity Reports, March 2004; NCUA Regulatory Alert No. 2. B. For purposes of the Guidelines, the following definitions apply: a. [37] The program should be appropriate to the size and complexity of the credit union and the nature and scope of its activities. Standards for Safeguarding Member Information. Access controls on member information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing member information to unauthorized individuals who may seek to obtain this information through fraudulent means; b. Where indicated by the credit union's risk assessment, monitor its service providers to confirm that they have satisfied their obligations as required by paragraph D.2. 1.
[35] Credit unions should also conduct background checks of employees to ensure that the credit union does not violate 12 U.S.C. c. Member means any member of the credit union as defined in 12 CFR 1016.3(n). (6) Safe Harbor. 6801 and 6805(b), of the Gramm-Leach-Bliley Act. Therefore, credit unions should take preventative measures to safeguard member information against such attempts to gain unauthorized access to the information. [34] The FTC estimates that nearly 10 million Americans discovered they were victims of some form of identity theft in 2002. 2. [66 FR 8161, Jan. 30, 2001, as amended at 69 FR 69274, Nov. 29, 2004; 77 FR 71085, Nov. 29, 2012; 78 FR 32545, May 31, 2013; 84 FR 1609, Feb. 5, 2019]. The notice should encourage the member to report any incidents of identity theft to the FTC, and should provide the FTC's Web site address and toll-free telephone number that members may use to obtain the identity theft guidance and report suspected incidents of identity theft.[42]. 5318(l) and the implementing regulation jointly promulgated by the NCUA and Department of the Treasury at 31 CFR 1020.220, which require a customer identification program to be implemented as part of the BSA compliance program required under this section. Member notice should be given in a clear and conspicuous manner. e. Member information system means any method used to access, collect, store, use, transmit, protect, or dispose of member information.
Title 12 was last amended 12/01/2022. Development and Implementation of Member Information Security Program. 2. The Code of Federal Regulations (CFR) is the official legal print publication containing the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the Federal Government. Each credit union should: 1. 1. In our rulemaking, the NCUA responds to these changes and addresses emerging risk. f. Service provider means any person or entity that maintains, processes, or otherwise is permitted access to member information through its provision of services directly to the credit union. Failure to file a SAR as required by the form's instructions and 31 CFR 1020.320 may subject the credit union, its officials, employees, and agents to the assessment of civil money penalties or other administrative actions. [33] See appendix A, Paragraph III.B. Reg. 29 interprets section 501(b) of the Gramm-Leach-Bliley Act (GLBA) and describes response programs, including member notification procedures, that a federally insured credit union should develop and implement to address unauthorized access to or use of member information that could result in substantial harm or inconvenience to a member. [41] The notice also should remind members of the need to remain vigilant over the next twelve to twenty-four months, and to promptly report incidents of suspected identity theft to the credit union. Background. ii. Objectives. However, the credit union should notify its members as soon as notification will no longer interfere with the investigation.
Each credit union should monitor, evaluate, and adjust, as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its member information, internal or external threats to information, and the credit union's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to member information systems. 2. Effective notice also may reduce a credit union's legal risk, assist in maintaining good member relations, and enable the credit union's members to take steps to protect themselves against the consequences of identity theft. NCUA RULES AND REGULATIONS Appendix A ''the credit union.'' These Guidelines also apply to the proper disposal of consumer information by such entities. 4. The preamble also discusses the Appendix to Part 748. See 12 CFR Part 748.1(c); NCUA Letter to Credit Unions No. i. 8152, 8152 (Jan. 30, 2001); 12 C.F.R. (3) Retention of Records. [39] A credit union's obligation to file a SAR is set out in the NCUA's SAR regulations and guidance. 6801-6809; 31 U.S.C. [30] See 12 CFR Part 748, appendix A, Paragraph III.B.
(b) The security program will be designed to: (1) Protect each credit union office from robberies, burglaries, larcenies, and embezzlement; (2) Ensure the security and confidentiality of member records, protect against the anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records that could result in substantial harm or serious inconvenience to a member; (3) Respond to incidents of unauthorized access to or use of member information that could result in substantial harm or serious inconvenience to a member; (4) Assist in the identification of persons who commit or attempt such actions and crimes, and. TITLE 12: Banks and Banking. 2. The notice should include the following additional items, when appropriate: a. [70 FR 22778, May 2, 2005, as amended at 85 FR 62214, Oct. 2, 2020]. Involve the Board of Directors. Scope. https://www.ecfr.gov/current/title-12/chapter-VII/subchapter-A/part-748, Security Program, Report of Suspected Crimes, Suspicious Transactions, Catastrophic Acts and Bank Secrecy Act Compliance. Supporting documentation must be identified and maintained by the credit union as such. Each federally insured credit union shall develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with the recordkeeping and recording requirements in subchapter II of chapter 53 of title 31, United States Code and implementing regulations issued by the Department of Treasury at 31 CFR chapter X.
3. ii. For example, the credit union may choose to contact all members affected by telephone or by mail, or by electronic mail for those members for whom it has a valid e-mail address and who have agreed to receive communications electronically. The notice should include the following additional items, when appropriate: 41 The credit union should, therefore, ensure that it has reasonable policies and procedures in place, including trained personnel, to respond appropriately to member inquiries and requests for assistance. Exercise appropriate due diligence in selecting its service providers; 2. the NCUA amended Part 748 of its rules to require credit unions to develop appropriate . 5311 and 5318. At a minimum, the credit union should consider the specific security measures enumerated in appendix A, i. As part of this monitoring, a credit union should review audits, summaries of test results, or other equivalent evaluations of its service providers. the reference in section 748.0(b)(4) from "the Accounting Manual for Federal Credit Unions", to "12 CFR part 749." NCUA is currently revising Part 749 regarding a credit union's preservation of vital records. The credit union may also refer members to any materials developed pursuant to section 15(1)(b) of the FACT Act (educational materials developed by the FTC to teach the public how to prevent identity theft). 3.
The Guidelines for Safeguarding Member Information (Guidelines) set forth standards pursuant to sections 501 and 505(b), codified at 15 U.S.C. Reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems; b. NCUA 12 CFR Part 748 Risk Assessment - Assess your current level of compliance with NCUA 12 CFR Part 748, identify gaps in controls, and identify key work areas that your organization must address to achieve and/or maintain compliance with the standard. However, there may be situations where the credit union determines that a group of files has been accessed improperly, but is unable to identify which specific member's information has been accessed. 748, App. Appendix B to Part 748 - Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice. i. Each credit union should: 1.
Subpart B - Regulations Codified Elsewhere in NCUA's Regulations as Applying to Federal Credit Unions That Also Apply to Federally Insured State-Chartered Credit Unions; Appendix B to Part 741 - Loan Workouts, Nonaccrual Policy, and Regulatory Reporting of Troubled Debt Restructured Loans. 1766(a), 1786(q); 15 U.S.C. 30 See 12 CFR Part 748, appendix A, Paragraph III.B. (iv) Transactions aggregating $5,000 or more that involve potential money laundering or violations of the Bank Secrecy Act. The frequency and nature of such tests should be determined by the credit union's risk assessment. Consumer information also means a compilation of such records. Dear Board of Directors: This Regulatory Alert is to inform you about revisions to Part 748 of the NCUA Rules and Regulations. Displaying title 12, up to date as of 12/02/2022. Appendix B to Part 749 - Catastrophic Act Preparedness Guidelines.
Require its service providers by contract to implement appropriate measures designed to meet the objectives of these guidelines; and. 31 and adopt those that are appropriate for the credit union, including: a. A credit union's information security program should be designed to: ensure the security and confidentiality of member information; protect against any anticipated threats or hazards to the security or integrity of such information; protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any member; and ensure the proper disposal of member information and consumer information. NCUA 12 CFR Part 748 Audit - Our experienced, certified IT . 1. 1. Credit unions have an affirmative duty to protect their members' information against unauthorized access or use. While NCUA has minimal regulation in this area, The Electronic Code of Federal Regulations (eCFR) is a continuously updated online version of the CFR.