news.cuna.org/articles/106672-compliance-a-deeper-dive-into-cybersecurity-assessment-tool

Compliance: A deeper dive into cybersecurity assessment tool

July 8, 2015

WASHINGTON (7/8/15)--CUNA compliance staff met with National Credit Union Administration staff this week to discuss the details of the new Cybersecurity Assessment Tool issued by the Federal Financial Institutions Examination Council (FFIEC).

The tool was released nationally last week, after a pilot program that included credit unions took place last summer.

CUNA Chief Compliance Officer Jared Ihrig--along with CUNA compliance and advocacy experts Valerie Moss, Nancy DeGrandi and Lance Noggle--met with Tim Segerson, deputy director for the NCUA’s Office of Examination and Insurance.

Credit unions are not required to use the assessment; however NCUA examiners will receive training on the tool in the coming months, and required use of the tool could follow.

The NCUA encourages credit unions to familiarize themselves with the new tool, which can be used to perform a self-assessment and evaluate risk management strategies.

CUNA’s CompBlog provides a deeper look into the new assessment tool, which consists of two parts:

  • Inherent risk profile: Identifies the institution’s inherent risk before implementing controls; and
     
  • Cybersecurity maturity: Designed to help management measure the credit union’s level of risk and corresponding controls.

CompBlog has also released its monthly CompBlog Wrap-Up, featuring the top information from June. The Wrap-Up includes:

  • A breakdown of the NCUA’s recently proposed member business lending rule, flood insurance regulations, diversity standards and more;
     
  • A look at the Consumer Financial Protection Bureau’s reverse mortgage study, consumer complaint database, private student loans report and more;
     
  • CUNA compliance staff Q-and-As on the upcoming Truth in Lending Act-Real Estate Settlement Procedures Act integrated disclosures rule; and
     
  • A breakdown of a recent $4.5 million Bank Secrecy Act violation penalty.