December 16, 2020

NAFCU, member CUs share industry perspective on cybersecurity with Treasury

treasurySeveral NAFCU-member credit unions and association staff met with officials from the Treasury Department Tuesday to share the credit union perspective on, as well as observations related to, cybersecurity.

NAFCU Director of Regulatory Affairs Ann Kossachev, Senior Regulatory Counsel Elizabeth LaBerge, Senior Regulatory Affairs Counsel Kaley Schafer, and Senior Counsel for Research and Policy Andrew Morris attended the teleconference meeting, alongside:

  • Tower Federal Credit Union Senior Vice President and Chief Information Officer James Burner;
  • ESL Federal Credit Union Manager - Information Security Matthew Davis;
  • Michigan State Federal Credit Union Chief Risk Officer Jim Hunsanger; and
  • Firstmark Credit Union CEO Nathanael Tarwasokono.

During the discussion, NAFCU and the credit unions highlighted insights from the association's 2020 NAFCU Report on Credit Unions, which found on average 7.2 percent of credit unions' current operating budgets is devoted to cybersecurity. This represents a 225 percent increase in average spending over 2015.

The report also found that over the next three years, 94 percent of credit unions who participated in the survey intend to further increase spending in information technology (IT) with 63 percent identifying IT and cyber risk as a significant risk management concern over the next three years.

Additionally, the group discussed technical resources available to credit unions and issues related to interagency coordination on rulemakings, including the CFPB's recent proposals to implement section 1033 of the Dodd-Frank Act.

NAFCU highlighted that the rulemaking could have significant data security ramifications for financial institutions and has previously urged the bureau to refrain from developing any rule that could potentially interfere with bilateral agreements that currently govern structured data sharing requests with third parties.

NAFCU is working to ensure credit unions have access to the resources they need to stay on top of cybersecurity issues. The association's complimentary, member-only network – the Cybersecurity & IT Network – aims to bring industry professionals together to connect on ways to better protect members' financial data and strengthen systems.

NAFCU and its member credit unions will remain engaged with administration officials, lawmakers, and regulators to advocate for additional regulatory relief. See the 12 issues NAFCU has urged policymakers to take immediate action on.