NEW: Cybersecurity, CUSO registration top 2016 NCUA exam priorities

January 11, 2016

ALEXANDRIA, Va. (1/11/16, UPDATED 1:45 p.m. ET)--The new Cybersecurity Assessment Tool from the Federal Financial Institutions Examination Council (FFIEC) will  be incorporated into federal credit union examinations in the second half of 2016, the National Credit Union Administration (NCUA) announced this morning. The agency published, via a letter to credit unions (16-CU-01), its list of supervisory priorities for this year.

The assessment tool was released jointly by FFIEC member agencies in June 2015, and it is designed to provide a structured methodology for credit unions to manage information security and protect member information more effectively.

The NCUA has previously encouraged credit unions to manage cybersecurity risks, but the second half of this year will mark the first time it is incorporated into examinations.

Other priorities are:

  • Reviewing credit unions’ incident response programs in the event of unauthorized access to member information as part of the institution’s information security program;
  • Bank Secrecy Act compliance. NCUA field staff are required to review BSA compliance and complete the questionnaire at every examination;
  • Interest rate risk, particularly for credit unions holding high concentrations of long-term assets funded with short-term liabilities;
  • Compliance with the Truth in Lending Act-Real Estate Settlement Procedures Act integrated disclosure rule, which applies to real estate loans originated on or after Oct. 3, 2015; and
  • Credit union service organization (CUSO) reporting, which includes registering with the NCUA. Once the deadline to register has passed, examiners will check to ensure any CUSO a credit union has loaned to or invested in has registered with the NCUA.