Health Savings Accounts 

Health Savings Accounts (HSAs) were created by the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (Public Law 108-173) which was signed into law on December 8, 2003. Federal credit unions are authorized by NCUA’s Rules and Regulations parts 721 and 724 to open HSAs.
HSAs are designed to help individuals save for future qualified medical and retiree health expenses on a tax-free basis. Individuals under the age of 65 are eligible to contribute to an HSA if they are covered by a “qualified health plan” (plans generally referred to as high-deductible health plans). As with IRAs, there are reporting obligations on any financial institution that holds HSAs.

Individuals may contribute up to 100% of the health plan deductible. For details on current contribution requirements and limitations visit IRS Tax Topic, Publication 969

Amounts contributed to an HSA belong to the account holder and are completely portable, that is to say an accountholder may move the account from one financial institution to another or from one employer to another. Contributions may be made by individuals, family members and employers. Employer contributions are made on a pre-tax basis and are not taxable to the employee. Employers are allowed to offer HSAs through a cafeteria plan. Funds in the account may grow tax-free through investment earnings, just like an IRA. Unlike amounts in Flexible Spending Arrangements that are forfeited if not used by end of year, unused funds remain available for use in later years. Upon death, HSA ownership may transfer to the spouse on a tax-free basis.

In order for a member to open an HSA, he or she must be an eligible individual. An eligible individual means an individual who:

  1. Is covered by a high deductible health plan (HDHP); and
  2. Is not also covered by any other health plan that is not an HDHP (with certain exceptions for plans providing certain types of limited coverage); and
  3. Is not enrolled in Medicare; and
  4. May not be claimed as a dependent on another person’s tax return.

A credit union:

  • Is responsible for opening the account for an individual only. However, contributions may be used for family purposes.
  • Is the guardian of the funds.
  • Must limit yearly deposits (contributions) to the highest cap allowable by the IRS.
  • Must report to the IRS evidence of contributions and distributions as custodian of the funds.

A credit union is not responsible for:

  • Verification of proper use of the funds.
  • Verification of a qualified health plan.

Click here to view the Health Savings Account topic.


Review the information today to help your credit union remain in compliance.


NEW: Revised RBC Rule Could be Unveiled in January, 2015

National Credit Union Administration Board Chair Debbie Matz announced that she will ask the board to consider a revised version of the risk-based capital proposal at its Jan. 15 open board meeting. Matz also said a 90-day public comment period would likely follow.

"During the six months since the comment period closed on the original proposed rule, we've taken the time to carefully review and methodically evaluate the many thoughtful comments received from stakeholders," Matz said. "We've also considered the input received during three Listening Sessions across the U.S. this summer. We're getting closer to issuing the revised proposed rule, which I now anticipate will be presented in January 2015--one year since the original proposed rule.

"To provide the public ample time to review this important safety and soundness rulemaking, I intend to support a 90-day comment period," she added.

The Credit Union National Association has strongly advocated for a reasonable comment period of at least 60 days, given the amount of structural changes that had been mentioned by NCUA, including longer implementation period and revised risk weights for mortgages, investments, member business loans, credit union service organizations and corporate credit unions.

More than 2,000 comments were received from credit unions, members of Congress and other stakeholders during the proposal's original comment period.

Source: CUNA News Now

What are the FFIEC Backups and Data Vaulting Requirements?

Keeping up with the multitude of options available for backups/data vaulting can be a challenging for even the most tech savvy credit union CIO. Not only are there different strategies (3-2-1, Full, Differential, Incremental, Mirroring, etc.) but other things like your existing infrastructure, location of storage options and RTO/RPO’s make this an especially difficult strategy to get right.

Sometimes the best place to start is at the beginning – determining what is required and building out from there with your specific credit union’s goals in mind. The FFIEC IT Handbook was developed to give financial institutions this type of leverage/knowledge to build solid IT foundations. Let’s look at what the FFIEC backup guidelines are and how you can use them to chart your way to DR success. (For reference, use the following link to access the FFIEC Handbook Appendix G.)

Backup Facilities

  • Recovery Site should be tested annually or when significant changes occur (as an IT Professional, it helps to read this as “MUST” and sometimes even “As a MINIMUM you must”).
  • Have greater protection (controls) than production facility
  • Should mirror operational functionality –essentially this means areas critical for operations that would need immediate activation at the back-up site
  • Should have geographic diversity – not on same power grid or within same strike zone

Backup and Storage Strategies

  • Should be based on your Business Impact Analysis (BIA) – criticality of the software and data files to the credit union’s operations.
  • Ranking of criticality should be based on risk assessment
    • The loss of these files would significantly impair the institution’s operations;
    • The files are being used to manage corporate assets or to make decisions regarding their use;
    • The files contain updated security and operating system configurations that would be necessary to resume operations in a secure manner;
    • The loss of the files would result in lost revenue; and
    • Any inaccuracy or data loss would result in significant impact on the institution (including reputation) or its customers.
  • Strategies such as electronic vaulting (data vaulting), journaling, replication, disk shadowing and mirroring are often employed to ensure the alternate site is operational at all times for immediate resumption of operations.

Data File Backup (Transactional Data Files)

  • Must be able to generate a recovery file that reflects all transactions up to the point of the service disruption.
  • The creations and rotation of core processing data backups should occur at least daily, more frequently if the volume of processing or online transaction activity warrants.

The FFIEC has much more to say on this critical topic and if you haven’t already done so, bookmark the FFIEC IT Handbook now to begin your review.



CUNA Seeks Input on NCUA’s Proposed Corporate Rule 

CUNA is asking credit unions to send us input on NCUA’s pending corporate credit union proposal. The proposed rule would make numerous changes to the definition section of part 704 and makes other more substantive changes to several sections. According to NCUA, it is meant to “streamline and clarify” the corporate credit union rule while adding a measure of regulatory relief. Click here for CUNA’s Regulatory Comment Call on the proposal; NCUA is accepting comments until January 5.


Regulatory Advocacy Report

The CUNA Regulatory Advocacy Report keeps you on top of the most important changes in Washington for credit unions--and what CUNA is doing to monitor, analyze, and influence government agencies and federal law. You can view the current report and past reports from the archive.

Compliance eNEWSLETTER

November 28, 2014
Vol. 8, Issue 46

Created in partnership with the

Credit Union National Association

Escrow Disclosures
As a part of the integrated mortgage requirements form the CFPB an Escrow Closing Disclosure must also be provided to members prior to their escrow account being closed. For a review of the disclosures and provision requirements please attend this CU Compliance Connection presentation.

Click here for the video.

November, 2014
  • November 27th, 2014: Thanksgiving Day - Federal Holiday
December, 2014 January, 2015


CUNA Enterprise Risk Management Certification Institute
December 8-11, 2014 • Las Vegas, NV

CUNA Webinars
CUNA offers hundreds of online training events that make it easy for you to learn right at your desk. Whether you are looking for a beginner course or want a comprehensive understanding on a specific topic, CUNA webinars, audio conferences and eSchools have what you need. Click here for updates on compliance, operations, lending topics and more!

Electronic Discovery in Litigation webinar 12-05-2014

IT Compliance and Enterprise Risk Management webinar 12-12-2014

Managing Credit Risk webinar (2014) 12-18-2014