Nutter Credit Union Report: March 2020

Nutter McClennen & Fish LLP
Contact

Headlines

1. Overview: Rising to the Challenges
2. Business Continuity Planning for a Pandemic Event
3. Board and Senior Management Responsibilities
4. Communication and Coordination with Third Parties, Including Critical Service Providers
5. Employee Protection Strategies
6. Emergency Branch Closing Procedures and Restricting Customer Access
7. Special Considerations for Borrowers Affected by a Pandemic
8. Cybersecurity Awareness
9. Annual Meeting Considerations

1. Overview: Rising to the Challenges

The COVID – 19 virus and efforts intended to slow or stop the spread of the virus have presented numerous challenges for credit unions – including, in many cases, first-time execution of business continuity plans; protecting members and employees; restricting member access including, if necessary, emergency branch and facility closings; coordinating with critical service providers; addressing distressed borrower situations; avoiding cyber traps and similar malicious online efforts to penetrate IT systems; and developing and implementing alternative plans for scheduled events including annual meetings.  This Nutter Credit Union Alert is intended to provide preliminary information on these and various related topics including recently-issued federal financial institution agency guidance.

2. Business Continuity Planning for a Pandemic Event

The Interagency Statement on Pandemic Planning (“Interagency Statement”) released by the FFIEC on March 6 indicates that federal financial institution regulators expect that, as part of normal business continuity planning, credit unions will have plans in place to operate in a pandemic environment and be ready to execute those plans as conditions demand.  While traditional business continuity planning requires management to follow a cyclical process of planning, preparing, responding, and recovering, pandemic planning requires additional actions to identify and prioritize essential functions, employees, and resources within the credit union, and critical service providers and suppliers.  As challenges arise from the spread of the COVID-19 virus, regulators expect credit unions to be prepared to continue to provide critical financial products and services to their members without endangering the health and safety of members, employees or property.

3. Board and Senior Management Responsibilities

Regulators expect pandemic planning to involve senior management from all functional, business and product areas, and recommend that pandemic risk assessment and risk management planning include a business impact analysis to incorporate the impact of pandemic risk into the BCP.  This business impact analysis should be reviewed with, and approved by, the credit union’s board.  The Interagency Statement advises that a credit union’s risk assessment process should include performing a “gap analysis” that compares existing business processes and procedures with the actions that are needed to mitigate the severity of potential business disruptions resulting from the pandemic.

4. Communication and Coordination with Third Parties, Including Critical Service Providers

The Interagency Statement recommends that credit unions coordinate information sharing efforts through business and community working groups and develop coalitions with others to provide support and maintenance for vital services during a pandemic.  Credit unions should also review contracts with critical service providers to determine whether a pandemic constitutes a force majeure event that excuses a service provider from performing altogether, or whether the contract nevertheless requires the service provider, at a minimum, to comply with its own business continuity and disaster recovery plans during a pandemic.

5. Employee Protection Strategies

The Interagency Statement recommends that credit unions communicate to employees social distancing techniques which minimize typical face-to-face contact through the use of teleconference calls, video conferencing, flexible work hours, telecommuting, and encouraging members to use online or telephone banking services, ATMs and drive-up windows.  The Interagency Statement also recommends that credit unions review and consider the use of other non-pharmaceutical interventions, such as encouraging sick employees to stay at home, and cleaning frequently touched surfaces and objects.  Pandemic planning should also address how the credit union will handle employee compensation, healthcare and other benefits questions.  OSHA recordkeeping regulations require covered employers, including credit unions, to record certain work-related injuries and illnesses on an OSHA 300 log.  While the regulations exempt common cold and flu from such recording requirements, COVID-19 is a recordable illness when an employee becomes infected in the workplace.

6. Emergency Branch Closing Procedures and Restricting Customer Access

Massachusetts law permits a Massachusetts-chartered credit union to close any office if the credit union’s officers determine that conditions exist which pose an existing or imminent threat to the safety or security of credit union personnel or property at the affected office.  A temporary branch closing does not have to be reported to or approved by the Division of Banks, but should be duly recorded in the records of the next meeting of the credit union’s board with the cause and time of such closing.  According to Division of Banks Regulatory Bulletin 2.1-105, Emergency Temporary Closing of Banking Offices, it is the policy of the Division of Banks that only the office(s) affected should be closed and that credit unions have an obligation to remain open during their normal hours of operation if at all possible without jeopardizing the health and safety of the staff and members.

7. Special Considerations for Borrowers Affected by a Pandemic

The federal agencies issued a separate joint statement on March 9 encouraging credit unions to meet the financial needs of members affected by COVID-19.  In that joint statement, the agencies committed to provide appropriate regulatory assistance to affected institutions.  Consistent with the guidance that the agencies typically issue to institutions recovering from a natural disaster, the agencies advised credit unions to work constructively with borrowers and other members affected by the pandemic.  According to the joint statement, loan modifications, refinancing options, and other efforts that are consistent with safe and sound banking practices would not be subject to examiner criticism.  The agencies will expedite requests to provide more convenient availability of services in affected communities where operational challenges persist.  The agencies also committed to work with affected credit unions to schedule examinations or inspections in a manner that minimizes disruption and burden.

8. Cybersecurity Awareness

There have been a number of reports that cyber attackers are leveraging fear about COVID-19 to spread malware or gain unauthorized access to computer networks, including credit unions’ information systems.  For example, websites purporting to map COVID-19 outbreaks have reportedly been used as so-called “watering holes” that, when visited, cause malicious computer code to be downloaded to the visitor’s computer.  Credit unions should remind employees to be wary of phishing attacks, disinformation campaigns and similar malicious activities.

9. Annual Meeting Considerations

As annual meeting season approaches for many credit unions, it might be prudent to consider some form of alternative plan for the annual meetings of members consistent with the CDC’s advice on social distancing.  The method employed to postpone an annual meeting or, if possible, conduct it by electronic means will depend on the particular provisions of a credit union’s by-laws and applicable law.  

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Nutter McClennen & Fish LLP | Attorney Advertising

Written by:

Nutter McClennen & Fish LLP
Contact
more
less

Nutter McClennen & Fish LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.