The League – Fostering Financial Wellbeing for All

NCUA letter addresses CU use of distributed ledger technologies (DLT)

News Compliance Courier

Written by

in

NEWS:  The NCUA issued a Letter to Credit Unions 22-CU-07 to clarify certain expectations for credit unions contemplating the use of new or emerging distributed ledger technologies (DLT). This letter applies to federally insured credit unions.  

Blockchain is a well-known example of a DLT. Investopedia says: “Underlying distributed ledgers is the same technology that is used by blockchain, which is the technology that is used by bitcoin. Blockchain is a type of distributed ledger used by bitcoin.”

The letter says that the NCUA does not prohibit credit unions from developing, procuring, or using DLT “if it is deployed for permissible activities and in compliance with all applicable laws and regulations, including applicable state laws or state supervisory authority requirements.” 

The NCUA expects credit unions to exercise judgment, apply sound risk-management practices, and conduct necessary due diligence when choosing to offer a new platform, product, or service, including where DLT is part of the underlying technology. These assessments include evaluating the permissibility of an activity and the opportunities and risks associated with any underlying technology.

To evaluate whether to use DLT, the letter specifies focus areas such as Governance, Oversight and Planning, and Risk and Risk-Mitigation strategies and ensuring that:

  • The credit union’s board of directors is notified of advancements in the underlying technology, the purposes of the technology, and how using DLT aligns with the credit union’s strategic planning objectives and approved risk tolerances.
  • Credit union staff and third parties using and managing the technology are complying with applicable laws and regulations and acting in a safe and sound manner.
  • Effective risk-management practices are followed to identify, assess, and mitigate risks associated with DLT and the specific activities for which it will be deployed.
  • Risk assessment and audit functions can validate and attest to the effectiveness of risk-mitigation practices in accordance with internal policy and industry leading practices.

The letter also covers:

  • Information and cybersecurity risk
  • Legal and compliance risk
  • Strategic and reputation risk
  • Liquidity risk
  • Third-party risk
The letter goes on to say that “examiners will evaluate the rigor with which credit unions exercised good judgement, applied sound risk management, and executed compliance and risk oversight of acquisition or development and deployment of new systems and technology. The NCUA supports innovations that are safe and sound, in compliance with all applicable laws and regulations, and fair to consumers. The NCUA also believes that DLT-related activities are rapidly evolving, and present questions and evolving risks not yet well understood. The NCUA reserves the right to issue future guidance, as appropriate.”

 

Bitcoin Webinar

The most common distributed ledger technology is Blockchain, which supports Bitcoin.   For credit unions interested in learning more about bitcoin, you can register for a Wolters Kluwer and NYDIG webinar on June 9, 2022 at 1:00 PM CT, Bitcoin for Credit Unions: Essential Regulatory Considerations for Adopting Cryptocurrency

More posts