"Absolutely. Of course, I don't expect to hear from them, 'thank you.' I don't see this rule as something that most credit unions would welcome, not because they're going to be adversely affected, because the vast majority of credit unions won't be, but I think it's just the fear of a new regulation that they're not familiar with," Matz said. "I think once they have to deal with it, I think they will realize that there really wasn't much to be concerned about because the vast majority of credit unions won't be immediately impacted by it."

NCUA Board Member Rick Metsger said no one should be surprised by the content of the revised risk-based capital proposal.

"No one who has followed this issue when the proposal is issued will see anything that is surprising to them. It will be issues that they have commented on over and over again, and they will certainly see the results of some of the thoughtful comments, which will embedded in the proposal," Metsger said.

The proposal will be fair and equitable and provide a more accurate evaluation of the risks of individual credit unions, he noted.

"[And] that will be to the benefit of all the credit unions who, at the end of the day, pay the tabs when someone moves outside the lines of proper safety and soundness," Metsger said.

The NCUA is also planning to finalize the fixed assets rule in 2015, which would require credit unions to put together a fixed-asset management plan instead of going through the existing waiver process.

Matz also said she would like the agency to propose a rule dealing with the member business lending waiver process.

"My intent in modernizing our member business lending regulation is to essentially remove all limits on MBLs except for those limits that are imposed by statute," she said.

The proposal would eliminate the need for loan-by-loan waivers and blanket waivers on issues such as personal guarantees, loan-to-value ratios and other underwriting criteria.

"So, decisions on whether to require personal guarantees or minimum collateral on each MBL would be based on policies of each credit union," Matz said. "These policies would be evaluated during the examination process, rather than restricted by regulation. These changes would be consistent with feedback I've received during my listening sessions and many other meetings with credit union officials around the country."

Based on comments from credit union leaders in the Dakotas, Matz said she would propose to end unnecessary restrictions on construction and development loans.

NCUA Board Member J. Mark McWatters said "liberalizing" the MBL waiver process is one of his top priorities in 2015.

"NCUA should undertake a progressive review of its MBL regulations so as to afford the credit union community a greater opportunity to extend job-creating small business loans," he said.

Read more: McWatters pushes for cost-benefit accountability …

McWatters also said he would like the NCUA to adopt a set of best practices for cost-benefit analysis.

"NCUA should undertake an analysis of the methodology employed by the other banking agencies in conducting their cost benefit analysis and establish a system of best practices by which to implement NCUA's program in a transparent and fully accountable manner," he said.

The NCUA is also considering raising the definition of small credit unions to above $50 million, which would exempt more credit unions from risk-based capital, interest rate risk and the liquidity rule, Matz said.

"I'm not sure where we'll wind up but as credit unions become more complex and larger, it gives us more of an opportunity to raise the threshold of what constitutes a small credit union," she explained.

In addition, the NCUA is going to consider supplemental capital and field of membership changes depending on the recommendations from the agency's working groups. Metsger said FOM issues are one of his top priorities in 2015.

"Chartering and expanding the field of membership of a credit union has become too complex and bureaucratic," he said. "There are increasing inequities between state and federal charters and also between what is permitted as a result of a merger versus regulatory chartering and expansion. So, we need to bring greater consistency to the field of membership decisions and to simplify the process for credit unions."

While the agency does not have the authority to change requirements that are set in statue, Metsger said the NCUA could simplify its own recommendations and encourage Congress to pass legislation that would remove unwanted barriers to credit union membership.

"I believe all consumers should have the ability to choose a not-for-profit cooperative, credit unions, as a financial services provider," he said.

In the area of cybersecurity, the NCUA is contemplating proposing a rule that would require credit unions to encrypt the data provided to examiners in response to the examiner who lost a flash drive with members' personal information, Matz said.

The incident occurred during an examination of the $13 million Palm Springs Federal Credit Union in Palm Springs, Calif.

"We are contemplating a rule, which would require encryption, but we're not at the point where I can say we're going in that direction yet but it's clearly something we're thinking about. Short of requiring it, we're really struggling trying to figure out how to prevent data breaches. That's a very fundamental thing to do, to make sure that if the data is lost or stolen that members' confidential information is protected," Matz said.

The NCUA does not like putting out more regulations than necessary, she added, but the agency is struggling to determine if there's another way to address the issue.

"Of course, we're always willing to hear suggestions from the credit union community about how to proceed," Matz said.

Meanwhile, the agency would decide the best way to proceed after the conclusion of the NCUA Inspector General's investigation.

When asked if the NCUA should have alerted the public as soon as the flash drive was lost, Matz said the agency very carefully followed the U.S. Office of Management and Budget guidance, "Recommendations for Identity Theft Related Data Breach Notification."

"There's nothing to be gained from publicizing this type of low-level breach because one, it could encourage criminals to approach these individuals and to try to sell them breach protection or other things or try to get information from them," Matz said. "I mean, it really does encourage criminal behavior, and there's really not a benefit to be gained by publicizing it widely."

Matz said the NCUA followed protocol after the flash drive was lost.

"It was an unfortunate situation. We do not know what happened to that thumb drive. We don't know if it was accidently discarded or if it is still sitting in somebody's pocket somewhere," she said.

The NCUA has agreed to bear any costs of providing data protection to the affected members but there has been no sign of unauthorized use of the data, according to Matz.

She was asked for an estimate of the total cost the agency would have to pay as a result of the incident.

"It's very low actually. There are 1,600 members who might have been affected by this and whatever the cost of the protection is, I'm guessing $30 or $40 a year per person so we're not talking about a lot of money, we're talking about probably $15,000-$20,000 at most," Matz estimated. "It's a relatively small amount but whatever it is, we've agreed to cover it."