NCUA Updating Exams for Cybersecurity and MDI Preservation
The NCUA is updating exams related to both cybersecurity and Minority Depository Institutions, it was revealed at its April board meeting. Learn why.
Moves revealed and detailed in briefings at NCUA April board meeting.
The National Credit Union Administration (NCUA) is updating its examinations to address two high priorities—fostering Minority Depository Institutions (MDIs) and countering cybersecurity threats—officials told the NCUA board Thursday at its monthly open meeting.
The agency is adjusting metrics in its examinations to ensure MDIs are compared with other MDIs rather than non-minority institutions, explained Miguel Polanco, the NCUA’s director of the Office of Minority and Women Inclusion, in his briefing to the board.
And on cybersecurity, Ernest B. Chambers Jr., director of the Critical Infrastructure Division, said the agency is continuing to fine-tune its Information Security Examination to take into account current cybersecurity threats.
Supporting Minority Depository Institutions
Polanco said his office is developing ways to take into account the unique nature of MDIs and revealed the NCUA is currently conducting two studies: one to examine MDI supervision and examination, and a second to explore MDI preservation.
He also explained the agency has added an MDI choice to the credit union locator on its website.
NCUA Chairman Todd Harper noted other banking agencies do not use peer size metrics in assessing MDIs because those institutions have a different business model, which makes it difficult to compare them to credit unions of a similar size.
Polanco said the agency is developing specific measurements for MDIs.
Board member Rodney Hood suggested the agency explore ways to provide particular benefits to MDIs similar to those afforded Low-Income Designated Credit Unions.
Board Vice Chairman Kyle Hauptman said he is concerned the agency is concentrating too much on ensuring there is diversity among its own employees, while at the same time neglecting efforts to ensure there is sufficient diversity across the entire credit union industry.
“In order to maintain that diversity among credit unions, including more recent immigrant groups, I feel NCUA should also focus its [broader diversity, equity and inclusion] efforts on how our regulatory practices affect financial inclusion among America’s 130 million credit union members, and not mostly focus on NCUA’s 1,100 well-educated employees,” he stated.
Hauptman cited the specific example of a Minneapolis credit union that had recently been hindered in its effort to obtain a federal charter.
Preparing for Potential Russian Cyberattacks
Chambers told the board the cybersecurity environment is “as volatile as it ever has been,” noting that the government officials have seen preparations for possible cyberattacks from Russia.
He said his office has continued to refine its information security program in an effort to ensure credit unions have the ability to recognize, assess, monitor and manage technology-related risks.
Agency officials are also examining a rule adopted by other banking regulators that requires financial institutions to report to their regulator a cyber incident within 36 hours of it occurring.
Harper noted the agency is in the process of revising its cybersecurity examination protocols, including procedures to scale the exam according to the size and complexity of a credit union.