Last week proved compliance news does not run on summer hours. Between the NCUA’s town hall, the CFPB’s ambitious (if blink-and-you-missed-it) rulemaking agenda, new AI guidance from NCUA, and NY DFS cracking down on cybersecurity lapses, the docket is full. Think of this roundup as your compliance espresso shot: strong, focused, and exactly what you need to stay alert.
NCUA Town Hall
The National Credit Union Administration (NCUA) will host a Strategic Plan Town Hall on Tuesday, September 9 from 2-3 p.m. Eastern. The event invites credit union industry stakeholders to provide input on the NCUA Strategic Plan and the upcoming priorities of the agency.
Here is the link to register: Strategic Plan Town Hall registration – WebEx Enterprise Site
Now You See Me-CFPB Spring 2025 Regulatory Agenda
The CFPB published, and then quickly unpublished, its Spring 2025 Rulemaking Agenda. So, while there is not yet an official version of the Agenda, what we did see is plan with twice as many items as the Fall 2024 Agenda with a paradoxical focus on consumer protection and deregulation.
NCUA Launches AI Resource Webpage for Credit Unions
Following on its discussion of Artificial Intelligence at its July Board meeting, the NCUA unveiled a brand-new webpage packed with AI resources designed specifically for credit unions exploring or expanding AI usage. The hub covers areas like AI implementation, risk management, data security, use cases, and cyber-risk considerations.
The site is meant to guide credit unions through the often tricky terrain of vendor vetting, algorithmic transparency, fair lending safeguards, and privacy protections as you explore or enhance AI risk management practices.
NY DFS Enforces $2 Million Cybersecurity Settlement
The New York Department of Financial Services secured a $2 million settlement via consent order with Healthplex, Inc. for cybersecurity regulation violations, highlighting failures in phishing-resistant multi-factor authentication, risk assessments, and timely breach reporting.
While Healthplex is not a credit union, the message is crystal clear even if the DFS does not directly regulate your institution: regulators continue to focus on cybersecurity vulnerabilities and take an aggressive enforcement approach to compliance.
Looking Ahead
With enforcement actions highlighting the importance of internal controls and cybersecurity compliance, new resources to help explore AI solutions, this is an excellent time for credit unions to review their risk management programs and ensure robust oversight of both employees and third-party partnerships.
Let’s Make This Useful
I want this blog to be as relevant as possible to the people reading it. So:
- Got a topic you’d like me to break down?
- Burning desire to know more about that headline you read the other day?
- Have an industry-related question you want addressed?
Reach out to me at jeremy.newman@nycua.org. Let’s talk.
Until Next Time
From the big picture to the fine print, we’ve got you covered. Thanks for reading, and CU in the next post.