The NCUA Board discussed the latest on cybersecurity and the Central Liquidity Facility at its Thursday meeting. It also approved the agency’s Enterprise Risk Appetite Statement, a management tool that provides guidance from agency leadership to managers and staff on the amount of risk the NCUA is willing to undertake in pursuit of its objectives.
The CLF briefing covered liquidity and contingency funding plans, liquidity sources and needs, as well as enhancements to the CLF’s processes and structures to ensure it can serve as an effective liquidity backstop for the credit union system should the need arise.
In the third quarter the CLF has:
The cybersecurity briefing covered ransomware, cloud migration, and distributed denial-of-service attacks as contributing to a dynamic threat landscape creating creates evolving risks.
The briefing also outlined good cyber hygiene practices, summarized the NCUA’s proposed cyber incident reporting rule, and provided an update on the NCUA’s Information Security Examination (ISE) program.
ISE offers flexibility for credit unions of all asset sizes and complexity levels while providing examiners with standardized review steps to facilitate advanced data collection and analysis.
The NCUA’s Enterprise Risk Management Council developed its risk appetite statement through consideration and evaluation and focused on several goals.