What a CU Needs to Stay Compliant

While credit union compliance may have been under the radar just a decade ago, a recession, a global pandemic, and the shift to digital have all contributed to a multitude of new regulations and an emphasis on compliance. So let us look at what a CU needs to stay compliant.

Utilizing a proactive mindset can prevent costly compliance litigation and fines. We have assembled a checklist to help you assess your CU’s compliance strengths and risks.


It’s important to stay diligent. Implementing a plan to stay compliant is necessary to fulfill CU strategies for growth and longevity.

Regulatory agencies such as NCUA, Federal Reserve, Federal Financial Institutions Examination Council (FFIEC), and Consumer Financial Protection Bureau provide updated information on laws and compliance.

1. Study past and current trends.

Use the facts you have and projected trends to create a plan of action.

2. Execute a plan.

Create detailed reports, update budgets, and keep staff trained and informed on any changes.

3. Audit yourself.

As regulations change, so should your products and processes. Continuously think about how you can improve and decrease any weaknesses.

Good Partners

Networking with other credit unions to talk about compliance is important not only for your branch but for CUs as a whole. Finding out how others view compliance issues and how they have resolved those same issues can save you from future costly mistakes. Sometimes what a CU needs to stay compliant is a good partner to watch its back.

Plus, if you place importance on forming a network of CU executives, you will have someone to call. Picking up the phone is much easier than taking a deep dive into compliance blogs or manuals that might not even fully answer your specific question.

Once you foster a friendship with several local or regional CUs, consider forming a committee that focuses on compliance. That way when any regulatory changes are introduced, you can talk about them as a committee and forward that information to everyone involved. This collaboration is a hallmark of the CU world, an advantage over most banks that prefer to keep a corporate distance.

For example, Washington State Employees Credit Union (WSECU) organized a consumer protection compliance committee back in 2014 in response to the Dodd-Frank mortgage rules and state examinations. As CUs need to conform to a growing list of regulations, the committee provides oversight and guidance to the CU’s management of compliance.


The Federal Financial Institutions Examination Council (FFIEC) provides three compliance resources that are worth adding to your toolbox. These free resources are a great addition to your current setup and can fill gaps when your budget is minimal for data compliance. What a CU needs to stay compliant is the proper tools.

FFIEC Information Technology Examination Handbook

The FFIEC IT Exam Handbook is the main guide auditors use to assess compliance. Although it offers an outline for audits, it does not include everything. An auditor may suggest changes that aren’t included in the handbook.

The FFIEC IT Exam Handbook includes information on the following topics:

  • Allocating staff and technology to information technology
  • Organizing an established information security culture within your CU
  • Defining risk identification processes
  • Risk monitoring and reporting
  • Consistent security operations

FFIEC Cybersecurity Assessment Tool (CAT)

Credit unions have access to the Automated Cybersecurity Examination Tool (ACET), which is based on the CAT. The ACET provides easy-to-interpret results that are easy to implement. This is an improvement over a standard PDF.

CIS Controls® (CIS)

For cyber-attack prevention, this free tool is a great addition to credit union cybersecurity programs, whether you build your own or use a third-party solution.

Online Security

Members of credit unions switch from traditional banks to experience an increase in personalized customer service, security, and trust. Online security is a key component of trust as members continue to lean toward digital products and processes.

As part of maintaining compliance, security monitoring is key in protecting your members’ information. By consistently following these three steps you can prevent future cyber-attacks.

1. Find Your Weaknesses

Consistently check for weaknesses in your CU’s security monitoring. It is impossible to efficiently monitor your credit union logs manually. Using a security operations center (SOC) can provide cybersecurity 24/7.

2. Create a Plan

Once you start using a SOC, single out your vulnerabilities to see which ones need attention.

3. Fix Vulnerabilities

IT teams can benefit from a patch management system to fix vulnerabilities and keep them from creating a larger issue. This system saves man-hours by removing the task of manually determining which issues need a patch.

The Cloud

Cloud security is used by 75% of credit unions. The protocol of cloud security compared with traditional methods is virtually the same.

Involve Your Members

Keeping your members educated about their overall cybersecurity can help decrease cyber-attacks and even fraud. Over 80% of hacking-related breaches are due to weak or stolen passwords.

Simply adding password requirements to member accounts, such as character length and a mixture of lowercase and uppercase letters, numbers, and special characters, will help protect sensitive member information. You can also add multi-factor authentication as an additional layer of online protection.


Websites and mobile apps should be secure and should also follow the Americans with Disabilities Act (ADA) guidelines.

Choose a web developer or ADA agency to audit your site to ensure that you are compliant on all devices including desktops, tablets, and mobile phones. They can also check to see if your site is accessible through text readers and audio scanners.

Post-Coronavirus World

As credit unions have catered to their members during coronavirus in the form of pandemic-specific products and processes, this new way of doing business has opened up a whole new set of regulatory changes and compliance issues.

New trends, such as digital notary signings, have changed the way credit unions complete the loan process. CUs also had to put a priority on the government-issued SBA Paycheck Protection Program to fully serve their members struggling to fund their small businesses during the pandemic. With the increase in remote member transactions, it’s important to protect members against fraud not only during the coronavirus but post COVID-19 as well.

The silver lining from coronavirus is the opportunity to test remote work among credit union employees and digital products and services for CU members. As credit unions set future risks, goals, and marketing strategies, compliance is at the forefront of success. All of these changes required swift compliance action, from training to sensitive advertising content to reforming loan processes.

As the global pandemic continues to shape member preferences toward digital, it’s a great time for CUs to rethink strategies regarding member engagement and how that affects their brick-and-mortar world.

Avoid excess anxiety about compliance by networking with other CUs, taking advantage of free resources, and investing in online tools that will keep your CU compliant and your members’ information secure.