ALEXANDRIA, Va. (1/12/16)--The new Cybersecurity Assessment Tool from the Federal Financial Institutions Examination Council (FFIEC) will be incorporated into federal credit union examinations in the second half of 2016, the National Credit Union Administration (NCUA) announced Monday.
The agency published, via a letter to credit unions (16-CU-01), its list of supervisory priorities for this year.
“NCUA field staff will continue to use the streamlined small credit union exam program procedures for credit unions with assets up to $50 million and CAMEL ratings of 1, 2, or 3,” the letter reads. “For all other credit unions, field staff will conduct risk-focused examinations, which concentrate on the areas of highest risk, new products and services, and compliance with federal regulations.”
The assessment tool was released jointly by FFIEC member agencies in June 2015. It is designed to provide a structured methodology for credit unions to manage information security and protect member information more effectively.
The NCUA has previously encouraged credit unions to manage cybersecurity risks, but the second half of this year will mark the first time it is incorporated into examinations.
The agency also noted that examiners will be verifying that credit unions holding money-services businesses (MSB) accounts meet the agency’s minimum expectations as described in Bank Secrecy Act (BSA) regulations. The Credit Union National Association’s CompBlog looked into MSB expectations in an entry Monday.
Other priorities are: