Members entrust your credit union with their financial and personal data. It’s critically important to protect that data against unauthorized access, which could lead to substantial harm or serious inconvenience to members.
NCUA Rules and Regulations (Part 748) require each federally insured credit union to have a security program in place. The program must include policies and procedures for the security and confidentiality of member records.
Are staff workstations at your credit union "clean"? Are you doing everything you can to ensure the safety and confidentiality of members’ information?
Here are recommended safeguards for:
● Computer monitors. Install privacy screens on monitors viewable by the general public. Use password-protected screensavers in areas where needed.
● Signature cards. Restrict access to signature cards and keep them locked in file drawers whenever possible. Store them only in nonpublic areas of the credit union.
● Computer reports. Keep daily reports containing member information away from areas viewable or accessible by the general public. Lock reports that are no longer needed for the day (but are retained until destroyed) in a locked vault, shred bin, or fireproof cabinet.
● Safe deposit box cards. Lock members’ safe deposit box information in a fireproof cabinet or vault.
● Wire transfer information. Store wire transfer authorizations and the wire transfer log book in a location restricted to credit union employees only during business hours. Lock them in a vault or fireproof cabinet at the end of the day.
● Shred bins. Lock the bins and allow access only to limited personnel.
● Internal reports and confidential documents. Lock both in desk drawers or file cabinets, and dispose in shred bins when they’re no longer needed.
● Returned mail. Store returned mail in locked file cabinets where possible, until addresses can be corrected.
● Loan files and documents. Keep this information out of member sight during the day and stored in locking file cabinets or a locked file room after hours. Clear desks and workstations of sensitive materials at the end of the day.
● Physical access by unauthorized persons. Make sure keys to doors and vault combinations are assigned to individual employees. Establish dual control (more than one employee) for vaults and night drops. Sign out keys to individuals based on need.
Your credit union likely has its own set of security policies and procedures to protect member data. Make sure you and your staff are clear on both.
CHRIS COLLVER is senior regulatory and legislative analyst for the California and Nevada Credit Union Leagues. Contact him at 800-472-1702, ext. 6053.
This article first appeared in Front Line newsletter.