June 2025

The content was updated to improve readability and to clarify that Regulation E protections are generally not applicable to business purpose (corporate) accounts. 

•  4125.10 - Corporate Account Takeover (REDLINED).docx

May 2025

This update includes 9 policy updates and 1 new procedure. A few policy revisions are around Succession Planning as a result of the NCUA's Final Rule that becomes effective on January 1, 2026. Additional updates were made to the Enterprise Risk Management, Third-Party Vendor Due Diligence and Oversight, as well as Real Estate Appraisals Appendices policies. Changes were also made to comply with the FTC updates impacting the Children's Online Privacy Protection Act.

•  Overview of Changes - May 2025.docx
•  1240 - Enterprise Risk Management (REDLINED).docx
•  1520 - Succession Planning (REDLINED).docx
•  1520.10 - Succession Plan (REDLINED).docx
•  1520.20 - Associate Board Member (NEW).docx
•  2145 - Office of Foreign Assets Control (REDLINED).docx
•  2185 - Vendor Management (REDLINED).docx
•  2205 - Unlawful Internet Gambling (REDLINED).docx
•  2223 - COPPA (REDLINED).docx
•  7140 - Loan Add On Products (REDLINED).docx
•  7303 - Real Estate Appraisals Appendices (REDLINED).docx

February 2025

This brief update includes revisions to the OFAC Policy (2145) and the Security Record Retention table (10010) for certain OFAC blocked property records from five years to 10 years based on a regulatory change effective on March 12, 2025.

•  CU PolicyPro Update Overview February 2025.docx
•  2145 Office of Foreign Assets Control (REDLINED).docx
•  10010 Record Retention - Security Records (REDLINED).docx

December 2024

This update contains 12 policy updates, many in response to annual threshold changes including updates to Regulation Z, consumer leasing, HSA contribution limits, HMDA asset size exemption, reserve requirements, residential real estate loans and appraisals, ability to repay, and the Home Ownership and Equity Protection Act.

•  December Overview 2024.docx
•  2210.14 - Health Savings Accounts (REDLINED).docx
•  2400 - Reg CC - Funds Availability (REDLINED).docx
•  2615.11 - Real Time Payments Risk and Controls (NEW).docx
•  4120 - Information Security (REDLINED).docx
•  4125 - Incident Response (REDLINED).docx
•  7302 - Real Estate Appraisals (REDLINED).docx
•  7330 - Residential Real Estate Loans (REDLINED).docx
•  7350 - Ability to Repay (REDLINED).docx
•  7351 - Small Creditor Ability to Repay (REDLINED).docx
•  7370 - HOEPA Rule (REDLINED).docx
•  9200 - Regulation C Home Mortgage Disclosure Act (REDLINED).docx
•  9220 - Home Ownership and Equity Protection Act (REDLINED).docx
•  9420 - Regulation D (REDLINED).docx

January 2025

The NCUA has new cyber incident reporting requirements and an updated webform to make these reports. Sections 1640 and 1654 were updated in response to the availability of the new webform.

•  January 2025 Overview RecoveryPro.docx
•  1640 - Cyber Incident Contacts (REDLINE).docx
•  1654 - Cyber Incident Reporting (REDLINE).docx

November 2024

Several sections of the Cyber Incident Response content had minor updates due to recent examiner feedback. One new section (1663: NCUA Guidance – SAR Reporting in a Cyber Incident) was added to the Model BCP.

•  November 2024 Overview RecoveryPro.docx
•  1600 - Introduction (REDLINED).docx
•  1640 - Cyber Incident Contacts (REDLINED).docx
•  1663 - NCUA Guidance - SAR Reporting in a Cyber Incident (NEW CONTENT).docx
•  1671 - Cyber Incident Scenario Examples (RECLINED).docx
•  1673 - Full Cyber Incident Life Cycle (REDLINED).docx