Reminder: The New York Credit Union Association and its Affiliates will be closed Monday, Feb. 20, in observance of Presidents Day. Enjoy the long weekend!

Straight to The Point

DFS finalizes cybersecurity rules

Update, 10:55 a.m.: This article has been updated with the correct link to the final regulation and DFS wesbite. An earlier version linked to the second cybersecuirty proposal issued by the DFS.

The state Department of Financial Services finalized its controversial cybersecurity rules yesterday, and the regulation takes effect March 1. The final regulation requires DFS-regulated institutions—including state-chartered credit unions—to establish and maintain a cybersecurity program designed to protect consumers’ private data.

The department first proposed rules establishing cybersecurity requirements in September. The New York Credit Union Association and CUNA penned a comment letter to the DFS that raised a number of concerns with that version of the proposal. Most notably, the organizations said the proposal took a one-size-fits-all approach that was too prescriptive, and it did not take into account the robust cybersecurity requirements that credit unions are already required to comply with.

In December, the DFS issued an updated proposal that appeared to contain some of the changes sought by the Association.

The final regulation also appears to contain some positive improvements over the initial proposal—including the expansion of exemptions for small financial institutions—but the Association is still in the process of analyzing it.

The regulation would extend to credit union affiliates, including the mortgage- and insurance- related credit union service organizations of federally chartered credit unions. There is also concern that the language of the regulation could extend other requirements to federal charters.

Ultimately, the Association disagrees with the concept of a state-by-state approach to cybersecurity, and instead advocates a strong national law that pre-empts state law and holds merchants that accept payment card data to the same standards as financial institutions.

The final regulation is available on the DFS website.

NCUA releases board meeting agenda
The NCUA board of directors will receive a quarterly update on the Share Insurance Fund and review the federal credit union loan interest rate ceiling during their Feb. 23 board meeting. The open meeting will begin at 10 a.m., and it will be streamed live on NCUA’s website.

More: NCUA board meeting agenda

CFPB explores impact of alternative data to gauge creditworthiness
The CFPB launched an inquiry into ways to expand credit access for consumers who are “credit invisible” or who lack enough history to obtain a credit score. The bureau is seeking information from stakeholders in an effort to gain insights into the benefits and risks of alternative data, as well as the techniques used to compile and analyze it.

More: CFPB seeking feedback on unconventional ways to extend credit

State and National News

CUToday: New York’s 2.7 percent foreclosure inventory rate was the second highest in the country at the end of 2016, behind only New Jersey which posted a 2.8 percent rate – More

CU Times: First mortgage loans past due after 60 days continued to trend down at credit unions, with a delinquency rate of under one percent for the fourth quarter of 2016 – More

Times Union: State Attorney General Eric Schneiderman opposes Gov. Cuomo’s bid to expand the civil law enforcement authority of the state Department of Financial Services – More

Washington Post: President Trump named former U.S. attorney Alexander Acosta as his next pick for labor secretary Thursday – More

American Banker: Although the entire financial services industry is a hot target for cybercriminals, online lenders appear to be particularly vulnerable – More

New York’s State of Mind

Allowing municipalities to deposit funds in credit unions is a simple measure that would save taxpayers money without decreasing local budgets – More