Board Action Bulletin
NCUA Developing Multi-Year Plan to Combat Cyberthreats
ALEXANDRIA, Va. (Oct. 24, 2019) – The National Credit Union Administration Board held its ninth open meeting of 2019 at the agency’s headquarters today and unanimously approved two items:
- A proposed rule amending the agency’s chartering and field-of-membership regulations in accordance with an August 2019 appellate court decision.
- A final rule allowing federally insured credit unions to accept a greater amount of public unit and nonmember shares.
The Office of Examination and Insurance and the special advisor to the Chairman for cybersecurity briefed the Board on cybersecurity challenges and opportunities.
NCUA Planning Major Training and Information Effort on Cybersecurity
The financial services industry, including credit unions, is a major target for hackers, thieves, and other threats, and the NCUA is developing a long-term plan to provide training and information to better prepare the agency and credit unions to meet those threats.
NCUA’s Office of Examination and Insurance and Chairman Rodney E. Hood’s special advisor on cybersecurity presented the Board with a briefing on cybersecurity issues (opens new window).
“Nearly every day, we see the growing sophistication of hackers, thieves, and terrorists,” Chairman Hood said. “We need to bring fresh thinking to our regulatory approach; it is essential we strike a balance between innovation and security. We at the NCUA are determined to be a leader in identifying and responding to cyberthreats. Credit unions are on the front line against any cybersecurity incident. Protecting the credit union system’s IT infrastructure requires a public-private partnership, and we want to work together with you to make sure that your credit unions and your members are protected.”
The NCUA has initiated a new examination program for cybersecurity, which is being continually enhanced. In developing their own cybersecurity plans, credit unions should pay particular attention to maintaining strong security controls and be prepared to respond to cyberattacks.
Cybersecurity has been an agency supervisory priority for many years, with a current emphasis on four areas:
- Advancing consistency, transparency and accountability within the cybersecurity examination program;
- Encouraging due diligence for supply chain and third-party service provider management at credit unions;
- Assisting institutions with resources to improve operational hygiene and resilience; and
- Ensuring NCUA’s systems and collected, controlled, unclassified information are secure.
The NCUA maintains a cybersecurity resources webpage to provide credit unions with important information, including regulations and guidance, about protecting themselves and their members from cyberthreats.
Proposed Rule Would Implement Appeals Court Field-of-Membership Decision
Credit unions seeking a federal charter or a charter change would benefit from a proposed rule the Board approved that amends the agency’s field-of-membership regulations.
These changes would implement an August 2019 opinion issued by the District of Columbia Circuit Court of Appeals. The proposed rule would provide greater access to financial services and more consumer choice.
Credit unions applying for a federal charter or charter change would be allowed to designate a combined statistical area or an individual contiguous portion of such an area, as a well-defined local community, provided the chosen area has a population of 2.5 million or less.
The proposed rule also provides further explanation and support for the agency’s decision to eliminate the requirement in its 2016 final rule (opens new window) that a field-of-membership serve a core-based statistical area.
Finally, the proposed rule would clarify existing requirements in the agency’s field-of-membership regulations and add an explicit provision to address concerns about potential discrimination in the field-of-membership selection process in combined statistical areas and core-based statistical areas.
Comments on the proposed rule (opens new window) must be received within 30 days after publication in the Federal Register.
Final Rule Allows Higher Public Unit and Nonmember Shares
Federally insured credit unions, especially smaller credit unions, will have greater flexibility in managing liquidity under a final rule approved by the Board.
The final rule (opens new window), part of the agency’s regulatory reform agenda, will become effective 90 days after publication in the Federal Register.
A federally insured credit union will be able to accept public unit and nonmember shares in an amount up to 50 percent of the credit union’s net amount of paid-in and unimpaired capital and surplus, less any public unit or nonmember shares, or $3 million, whichever is greater.
A federally insured credit union will be required to develop, maintain, and make available for examination a specific use plan if its public unit and nonmember shares, combined with its borrowings, exceeds 70 percent of paid-in and unimpaired capital and surplus.
The NCUA tweets all open Board meetings live. Follow @TheNCUA (opens new window) (You will be leaving NCUA.gov and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) on Twitter, and access Board Action Memorandums and NCUA rule changes at www.ncua.gov. The NCUA also live streams, archives and posts videos of open Board meetings online.