NCUA board briefed on PCA rule, cybersecurity trends

April 22, 2021

NCUA’s Interim Final Rule published Monday is designed to ensure that federally insured credit unions remain operational and liquid during the COVID-19 pandemic, according to NCUA staff.

Staff briefed the NCUA board on the rule at its Thursday meeting.

Specifically, it makes two temporary changes to Prompt Corrective Action (PCA) requirements:

  • Temporarily enables the NCUA Board to issue an order applicable to all federally insured credit unions to waive the earnings-retention requirement for any federally insured credit union that is classified as adequately capitalized.
  • Modifies regulations regarding the specific documentation required for net worth restoration plans (NWRPs) for federally insured credit unions that become undercapitalized.

These temporary modifications will be in place until March 31, 2022.

CUNA and Leagues have engaged with NCUA over the past year to secure PCA flexibility, as detailed in CUNA’s Removing Barriers Blog.

The board also heard a briefing on credit union cybersecurity from agency staff. Per the briefing, top threats for credit unions are:

  • Historical threats such as:
    • Ransomware
    • Malware/Phishing
    • Identity Theft
    • Denial of Service
    • ATM Skimming
  • Pandemic Themed Attacks
  • Supply Chain Attacks

Top mitigation trends include:

  • Organizational awareness and training
  • Dynamic asset and access awareness
  • Effective security controls
  • Security product/service consolidation
  • Enhanced remote user security emphasis
  • Breach and attack simulation
  • Continuous monitoring (rapid detection and response)

Low-income credit unions can apply for $7,000 grants to strengthen cybersecurity defenses through NCUA’s 2021 Community Development Revolving Loan Fun from May 3 to June 26.