Friday, July 6, 2012

NCUA's Policy and Procedures on Protecting FSOC Information

The NCUA's Inspector General (IG) determined NCUA’s existing policies and procedures are not sufficiently comprehensive to help the agency protect confidential non-public Financial Stability Oversight Council (FSOC) information from unauthorized disclosure, according to a recently released audit report.

The audit was part of a larger audit that the Council of Inspectors General on Financial Oversight (CIGFO) initiated. (Read CIGFO report)

NCUA's IG decided to issue this separate report to help the agency in determining how to handle and control confidential non-public FSOC information and protect it from unauthorized disclosure.

The IG report identified specific areas where NCUA needs to improve or supplement its policies and procedures. The specific areas that need to be addressed are:

• Protecting oral communication of confidential non-public FSOC information;

• Inventorying or tracking FSOC information requests/responses;

• Controlling access to and authorizing release of confidential non-public information to FSOC, FSOC member agencies or other external parties (e.g., Congress);

• Placing appropriate markings on FSOC information to identify it as containing confidential information;

• A central person/group to coordinate all FSOC communications;

• Membership on FSOC committees, including authorized alternate representatives and corresponding duties and responsibilities of the NCUA representatives;

• Identifying, controlling and monitoring who within NCUA will have access to and who has accessed specific FSOC information and systems;

• Handling, controlling, and protecting FSOC information during teleconferences and telework sessions; and

• Consequences for the breach/unauthorized disclosure of FSOC information.

The IG recommended that NCUA should coordinate with FSOC and its member agencies to supplement or improve its policies, procedures, and practices regarding non-public FSOC information.

However, NCUA management believes its existing policies, procedures, and training are effective; but acknowledges that its policy and procedures could be more comprehensive.

Read the report.

1 comment:

  1. Grading the grader.
    NCUA grade on protecting information- F.
    NCUA grade on providing transparent, complete and informative information on the lossess in toxic Corporate bonds- F.

    If you are a credit union manager or director, you should read the KPMG June letter on the Temporary Corporate Credit Union Stabilization Fund.
    There are more disclaimers than craters on the moon.If you you think the ultimate cost is going to be what NCUA is saying, READ THE KPMG LETTER. NCUA provides all the assumptions to the "independent" analysis provider.
    Our capital is down 100 bps or so since 2009. Our capital will continue to crater.

    ReplyDelete

 

The content is provided for educational purposes only, with the understanding that neither the authors, contributors, nor the publishers of this site are engaged in rendering legal, accounting or other expert or professional services. If legal or other expert assistance is required, the services of a competent professional should be sought.

Comments appearing in response to articles appearing on this site do not necessarily reflect the views of the ABA. ABA makes no representations regarding the truth or accuracy of commentary or opinions that may be posted in response to the articles that appear on this website.

The inclusion herein of any link to a website, either in the text of an article or in a comment, does not denote any approval, sponsorship, or endorsement by the ABA, and ABA is not responsible for the content or opinions expressed on those linked websites or related commentary. This content is not licensed to third parties sites and is not affiliated with any third party site. Any reference to the author or this content on any third party site on the Internet is not authorized by the ABA.

It is the policy of the American Bankers Association to comply fully with all antitrust laws. Certain discussions should be considered off-limits, including those that contain competitively sensitive data such as price and cost information, or statements that could be construed as reflecting an attempt or desire to control or influence a particular market or markets. Future pricing or other prospective competitive information should never be shared.