Friday, July 6, 2012

NCUA's Policy and Procedures on Protecting FSOC Information

The NCUA's Inspector General (IG) determined NCUA’s existing policies and procedures are not sufficiently comprehensive to help the agency protect confidential non-public Financial Stability Oversight Council (FSOC) information from unauthorized disclosure, according to a recently released audit report.

The audit was part of a larger audit that the Council of Inspectors General on Financial Oversight (CIGFO) initiated. (Read CIGFO report)

NCUA's IG decided to issue this separate report to help the agency in determining how to handle and control confidential non-public FSOC information and protect it from unauthorized disclosure.

The IG report identified specific areas where NCUA needs to improve or supplement its policies and procedures. The specific areas that need to be addressed are:

• Protecting oral communication of confidential non-public FSOC information;

• Inventorying or tracking FSOC information requests/responses;

• Controlling access to and authorizing release of confidential non-public information to FSOC, FSOC member agencies or other external parties (e.g., Congress);

• Placing appropriate markings on FSOC information to identify it as containing confidential information;

• A central person/group to coordinate all FSOC communications;

• Membership on FSOC committees, including authorized alternate representatives and corresponding duties and responsibilities of the NCUA representatives;

• Identifying, controlling and monitoring who within NCUA will have access to and who has accessed specific FSOC information and systems;

• Handling, controlling, and protecting FSOC information during teleconferences and telework sessions; and

• Consequences for the breach/unauthorized disclosure of FSOC information.

The IG recommended that NCUA should coordinate with FSOC and its member agencies to supplement or improve its policies, procedures, and practices regarding non-public FSOC information.

However, NCUA management believes its existing policies, procedures, and training are effective; but acknowledges that its policy and procedures could be more comprehensive.

Read the report.

1 comment:

  1. Grading the grader.
    NCUA grade on protecting information- F.
    NCUA grade on providing transparent, complete and informative information on the lossess in toxic Corporate bonds- F.

    If you are a credit union manager or director, you should read the KPMG June letter on the Temporary Corporate Credit Union Stabilization Fund.
    There are more disclaimers than craters on the moon.If you you think the ultimate cost is going to be what NCUA is saying, READ THE KPMG LETTER. NCUA provides all the assumptions to the "independent" analysis provider.
    Our capital is down 100 bps or so since 2009. Our capital will continue to crater.

    ReplyDelete