NCUA board briefed on CLF, cybersecurity, issues risk appetite statement

October 20, 2022

The NCUA Board discussed the latest on cybersecurity and the Central Liquidity Facility at its Thursday meeting. It also approved the agency’s Enterprise Risk Appetite Statement, a management tool that provides guidance from agency leadership to managers and staff on the amount of risk the NCUA is willing to undertake in pursuit of its objectives.

The CLF briefing covered liquidity and contingency funding plans, liquidity sources and needs, as well as enhancements to the CLF’s processes and structures to ensure it can serve as an effective liquidity backstop for the credit union system should the need arise.

In the third quarter the CLF has:

  • $1.243 billion in total assets.
  • $1.1 million in year-to-date net income.
  • $40.5 million in retained earnings.
  • 2.24% dividend paid to members of the CLF in the third quarter.
  • Access from 3,991 corporate credit unions and consumer credit unions.
  • $29.1 billion in borrowing authority.

The cybersecurity briefing covered ransomware, cloud migration, and distributed denial-of-service attacks as contributing to a dynamic threat landscape creating creates evolving risks.

The briefing also outlined good cyber hygiene practices, summarized the NCUA’s proposed cyber incident reporting rule, and provided an update on the NCUA’s Information Security Examination (ISE) program.

ISE offers flexibility for credit unions of all asset sizes and complexity levels while providing examiners with standardized review steps to facilitate advanced data collection and analysis.

The NCUA’s Enterprise Risk Management Council developed its risk appetite statement through consideration and evaluation and focused on several goals.

  • Communicating guidelines about the levels of risk the NCUA is willing to accept in pursuit of its mission and goals.
  • Promoting consistency in understanding, measuring, and managing risk across the enterprise.
  • Informing agency responses to risks and decision-making to balance limited time and resources.
  • Driving a more risk-aware culture.

Additional analysis of the meeting can be found at CUNA’s Removing Barriers Blog and CompBlog, or NCUA’s Board Action Bulletin.