ARLINGTON, Va. (11/17/14)--An assessment conducted over the summer by the Federal Financial Institutions Examination Council (FFIEC) to evaluate financial institutions' preparedness to mitigate cybersecurity risks could have a bearing on future National Credit Union Administration examinations.
That is according to Tim Segerson, deputy director of the agency's Office of Examination and Insurance, who spoke at the inaugural Credit Union Cybersecurity Symposium about the approach the NCUA is taking when it comes to the increasing threat of cyberattacks.
|Tim Segerson, deputy director of the NCUA's Office of Examination and Insurance, speaks at the inaugural Credit Union Cybersecurity Symposium. (CUNA Photo)|
While the NCUA's current program remains policy, Segerson said that since cybersecurity is among the top priorities for the agency every year, it could have an increased role in how it looks at credit unions.
"Right now we are not making radical changes to our process. Our goal here is to be efficient and effective. And part of what we want to do is make sure that whatever we do is well-coordinated with our counterparts in the banking system," he said. "We are essentially working to align the changes we plan with our banking counterparts, and we're in the process evaluating what we worked on this summer, developing a game plan to go into 2015 and beyond based on that assessment."
The assessment included more than 500 financial institutions, and according to Segerson, credit unions made up more than half of those institutions.
"This summer was a test run. The purpose of the test run was to see how the tool fared, to get some initial information about how the industry looks and then to develop some plans," he said. "Part of this will include training and developing new exam procedures, and you can expect to see some guidance as well. Pretty much the only regulation we have this time dealing with cybersecurity is Part 748, and one of the things we'll be doing is make sure our examiners are focusing on that."
The NCUA prepares a list of areas it plans to focus on at the start of each year, and according to Segerson, cybersecurity was No. 2 for 2014.
"I expect cybersecurity will be a part of that list in 2015 as well," he said, adding that the agency is looking at moving toward a more comprehensive cyber review process.
The Credit Union Cybersecurity Symposium was held Thursday and Friday in Arlington, Va., by the National Association of State Credit Union Supervisors and the Credit Union National Association.