Newsroom
September 15, 2016
NCUA talks cyber, reaffirms FFIEC tool is voluntary
NCUA continues to educate and train its examiners in the area of cybersecurity, hopes to improve its tools and processes early in the third quarter of 2017 and plans to roll out updated processes by the following quarter, agency staff told the NCUA Board Thursday.
Thursday's open meeting included no regulatory action. The only two items up were the cybersecurity briefing and a quarterly report on the Temporary Corporate Credit Union Stabilization Fund.
During the cybersecurity briefing, Tim Segerson, deputy director of the Office of Examination and Insurance, and Wayne Trout, supervisor of the Division of Critical Infrastructure and Cybersecurity, provided an update on use of the Federal Financial Institutions Examination Council's cybersecurity tool. They noted the tool remains voluntary for credit unions. To be clear, they said they don't have any expectations that credit unions are using the tool to determine their cybersecurity positions.
"With the agency's recently adopted use of the [FFIEC] Cybersecurity Assessment Tool during credit union exams, we are gratified the agency has heeded our concerns and plans to keep the use of the tool voluntary for credit unions," said NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt.
Segerson and Trout explained that credit unions' cybersecurity exams will vary and might include a routine look at the cybersecurity assessment tool and a privacy and payment systems assessment. More specialized, risk-focused cyber reviews will dive deeper into these areas using structured NCUA or FFIEC tools.
The two also said examiners will scale their cyber reviews based on their understanding of credit unions' risk. Segerson and Trout said they plan to collect assessments on all institutions over a multiyear period to understand industry trends and adjust exam strategies.
Regarding the corporate stabilization fund, credit unions have paid a total of $4.8 billion in stabilization assessments. NCUA is looking at a potential rebate to credit unions after the fund winds down in June 2021 and the NCUA Guaranteed Notes program concludes.
NCUA has recovered more than $3.1 billion in litigation related to the sale of faulty securities sold to corporate credit unions.
Thursday's open meeting included no regulatory action. The only two items up were the cybersecurity briefing and a quarterly report on the Temporary Corporate Credit Union Stabilization Fund.
During the cybersecurity briefing, Tim Segerson, deputy director of the Office of Examination and Insurance, and Wayne Trout, supervisor of the Division of Critical Infrastructure and Cybersecurity, provided an update on use of the Federal Financial Institutions Examination Council's cybersecurity tool. They noted the tool remains voluntary for credit unions. To be clear, they said they don't have any expectations that credit unions are using the tool to determine their cybersecurity positions.
"With the agency's recently adopted use of the [FFIEC] Cybersecurity Assessment Tool during credit union exams, we are gratified the agency has heeded our concerns and plans to keep the use of the tool voluntary for credit unions," said NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt.
Segerson and Trout explained that credit unions' cybersecurity exams will vary and might include a routine look at the cybersecurity assessment tool and a privacy and payment systems assessment. More specialized, risk-focused cyber reviews will dive deeper into these areas using structured NCUA or FFIEC tools.
The two also said examiners will scale their cyber reviews based on their understanding of credit unions' risk. Segerson and Trout said they plan to collect assessments on all institutions over a multiyear period to understand industry trends and adjust exam strategies.
Regarding the corporate stabilization fund, credit unions have paid a total of $4.8 billion in stabilization assessments. NCUA is looking at a potential rebate to credit unions after the fund winds down in June 2021 and the NCUA Guaranteed Notes program concludes.
NCUA has recovered more than $3.1 billion in litigation related to the sale of faulty securities sold to corporate credit unions.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.