NCUA adjusts ONES supervision threshold, issues cyber incident proposal

The NCUA board approved its final asset threshold supervision rule and issued a proposal on cyber incident reporting at its meeting Thursday. The board also heard a briefing on the 2022 mid-session budget.

The asset threshold rule increases the threshold for supervision by NCUA’s Office of National Examinations and Supervision (ONES) $15 billion in total assets (up from $10 billion). Credit unions with between $10 billion and less than $15 billion will be supervised by their regional office.

According to agency staff, the number of credit unions supervised by ONES would almost double in 2023 if this rule was not finalized.

CUNA largely supported NCUA’s asset threshold rule as proposed.

The cyber incident proposal would require federally insured credit unions to notify NCUA as soon as possible—but no later than 72 hours—after they reasonably believe a reportable cyber incident has occurred.

This requirement provides an early alert to the NCUA and does not require credit unions to provide a full incident assessment to the NCUA within the 72-hour timeframe.

Comments on the proposal will be due within 60 days of its publication in the Federal Register.

The budget briefing showed:

• The estimated Operating Budget surplus for 2022 is projected to be around $18 million.
• The Capital Budget is 65% obligated thru May with no reported surplus/shortages.
• The Share Insurance Fund Admin budget projected to have small surplus of about $0.6 million.

Much of the surplus came from pay and benefits ($9 million), travel ($9.3 million).

NCUA staff did not recommend a board action to adjust the approved 2022 budgets.