Skip to main content
United States flag An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Financial Services Industry a Prime Target for Cyberattacks

October 2019
Financial Services Industry a Prime Target for Cyberattacks

Board Action Bulletin

NCUA Developing Multi-Year Plan to Combat Cyberthreats

ALEXANDRIA, Va. (Oct. 24, 2019) – The National Credit Union Administration Board held its ninth open meeting of 2019 at the agency’s headquarters today and unanimously approved two items:

  • A proposed rule amending the agency’s chartering and field-of-membership regulations in accordance with an August 2019 appellate court decision.
  • A final rule allowing federally insured credit unions to accept a greater amount of public unit and nonmember shares.

The Office of Examination and Insurance and the special advisor to the Chairman for cybersecurity briefed the Board on cybersecurity challenges and opportunities.

NCUA Planning Major Training and Information Effort on Cybersecurity

The financial services industry, including credit unions, is a major target for hackers, thieves, and other threats, and the NCUA is developing a long-term plan to provide training and information to better prepare the agency and credit unions to meet those threats.

NCUA’s Office of Examination and Insurance and Chairman Rodney E. Hood’s special advisor on cybersecurity presented the Board with a briefing on cybersecurity issues.

“Nearly every day, we see the growing sophistication of hackers, thieves, and terrorists,” Chairman Hood said. “We need to bring fresh thinking to our regulatory approach; it is essential we strike a balance between innovation and security. We at the NCUA are determined to be a leader in identifying and responding to cyberthreats. Credit unions are on the front line against any cybersecurity incident. Protecting the credit union system’s IT infrastructure requires a public-private partnership, and we want to work together with you to make sure that your credit unions and your members are protected.”

The NCUA has initiated a new examination program for cybersecurity, which is being continually enhanced. In developing their own cybersecurity plans, credit unions should pay particular attention to maintaining strong security controls and be prepared to respond to cyberattacks.

Cybersecurity has been an agency supervisory priority for many years, with a current emphasis on four areas:

  • Advancing consistency, transparency and accountability within the cybersecurity examination program;
  • Encouraging due diligence for supply chain and third-party service provider management at credit unions;
  • Assisting institutions with resources to improve operational hygiene and resilience; and
  • Ensuring NCUA’s systems and collected, controlled, unclassified information are secure.

The NCUA maintains a cybersecurity resources webpage to provide credit unions with important information, including regulations and guidance, about protecting themselves and their members from cyberthreats.

Proposed Rule Would Implement Appeals Court Field-of-Membership Decision

Credit unions seeking a federal charter or a charter change would benefit from a proposed rule the Board approved that amends the agency’s field-of-membership regulations.

These changes would implement an August 2019 opinion issued by the District of Columbia Circuit Court of Appeals. The proposed rule would provide greater access to financial services and more consumer choice.

Credit unions applying for a federal charter or charter change would be allowed to designate a combined statistical area or an individual contiguous portion of such an area, as a well-defined local community, provided the chosen area has a population of 2.5 million or less.

The proposed rule also provides further explanation and support for the agency’s decision to eliminate the requirement in its 2016 final rule that a field-of-membership serve a core-based statistical area.

Finally, the proposed rule would clarify existing requirements in the agency’s field-of-membership regulations and add an explicit provision to address concerns about potential discrimination in the field-of-membership selection process in combined statistical areas and core-based statistical areas.

Comments on the proposed rule must be received within 30 days after publication in the Federal Register.

Final Rule Allows Higher Public Unit and Nonmember Shares

Federally insured credit unions, especially smaller credit unions, will have greater flexibility in managing liquidity under a final rule approved by the Board.

The final rule, part of the agency’s regulatory reform agenda, will become effective 90 days after publication in the Federal Register.

A federally insured credit union will be able to accept public unit and nonmember shares in an amount up to 50 percent of the credit union’s net amount of paid-in and unimpaired capital and surplus, less any public unit or nonmember shares, or $3 million, whichever is greater.

A federally insured credit union will be required to develop, maintain, and make available for examination a specific use plan if its public unit and nonmember shares, combined with its borrowings, exceeds 70 percent of paid-in and unimpaired capital and surplus.

The NCUA tweets all open Board meetings live. Follow @TheNCUA on Twitter, and access Board Action Memorandums and NCUA rule changes at The NCUA also live streams, archives and posts videos of open Board meetings online.

Last modified on