The NCUA board received a briefing on cybersecurity in the credit union system at Thursday’s board meeting, outlining many examination procedures that are in the process of being adopted by the agency. The examination tools that will be utilized by examiners are largely based on these efforts, and the new procedures will likely be rolled out during the 3rd and 4th quarter of 2017.
“We encourage NCUA to be as transparent as possible while finalizing the exam standards so that credit unions can have certainty with what to expect," said Elizabeth Eurgubian, CUNA’s deputy chief advocacy officer. “We’re pleased the NCUA continues to view the Federal Financial Institutions Examination Council’s (FFIEC) cybersecurity assessment tool as voluntary, and hope the agency continues working to reduce the examination burden on credit unions.”
While the FFIEC’s assessment tool is voluntary, NCUA staff said examiners will look at various principles used by the tool to ensure security issues are being adequately met by credit unions.
“While our examination procedures mirror the tool, it’s not the expectation of the NCUA that all credit unions use it,” said Tim Segerson, deputy director of the NCUA’s Office of Examination and Insurance. “We do expect credit unions’ risk management to be appropriate with the institution’s size, complexity and overall risk profile.”
Segerson added that the long-term goal for the NCUA is to perform periodic reviews using a structured cybersecurity assessment tool in all credit unions.
The board also received a quarterly update on the Temporary Corporate Credit Union Stabilization Fund. The report showed income of $8.4 million and net income of $425.7 million for the quarter ending June 30.
The balance sheet indicated total assets and liabilities of $2.045 billion with the fund balance with Treasury and Investments down to $138.9 million from the previous $274.6 million.