Press

NCUA Board Chairman Warns of Interest Rate Risk and Cybersecurity Threats

WASHINGTON, DC (February 24, 2014) — The credit union industry turned the corner in 2013, but interest rate risk and cybersecurity threats pose major challenges, National Credit Union Administration Board Chairman Debbie Matz said today in a keynote speech to the Credit Union National Association’s annual Governmental Affairs Conference.

“Working together, we will be ready,” Matz said. “Let’s recognize, together, the progress that has brought us to where we are, then let’s discuss how we can build on that progress. By preparing together for risks on the horizon, we can secure a brighter future beyond the horizon.

Chairman Matz spoke to more than 4,400 credit union industry representatives attending the conference. The full text of her speech is available here.

Matz described a stronger industry in the wake of the recent financial crisis and emphasized NCUA’s commitment to regulatory modernization and to providing flexibility. She urged continued open communications with industry stakeholders and promised the agency would continue listening.

Matz then warned about two significant challenges facing credit unions: interest rate risk and cybersecurity threats. Both, she said, are already affecting the industry.

Interest Rate Risk Already Hitting Credit Unions
A growing economy, Matz explained, is putting pressure on interest rates, which are causing paper losses that can become real losses to credit unions. She urged the industry to avoid chasing short-term yields and instead keep investment portfolios that mitigate long-term risk.

“It’s easy to fall into the trap of chasing near-term profits by concentrating your portfolio in long-term investments, but falling into this trap will imperil your credit union,” Matz said. “Credit unions cannot afford to ignore this; ignoring rising rates is like pitching a tent on the beach at low tide. That tide is shifting. This swing from unrealized gains to unrealized losses marks a dangerous warning of things to come. Make sure your credit union is in a safe position.”

Attacks on Cybersecurity Taking a Toll
Matz described the growing threat of high-tech thefts of information and money from financial and retail institutions. She warned that cyber-terrorism may be an even greater challenge. Cyber-terrorists differ from cyber-thieves in their objective: Terrorists want to cripple or destroy critical infrastructure here in the United States, while cyber-thieves want to steal money.

“Attacks, intended to create disruption, can crash networks but can also serve as a diversion for more damaging assaults,” Matz said. “Imagine cyber-terrorists stealing passwords from your credit union and using your credit union as an entry point to gain access to every payment system and every vendor with which you have a digital relationship. Think about the damage they could do. The worst-case scenario doesn’t just deny services; it destroys security and dismantles systems.”

Matz revealed a new NCUA webpage featuring a wealth of information on cyber-threats, tactics and preventive measures. She also pointed out that President Obama has made cybersecurity a national priority.

“When it comes to taking security measures to protect the industry, we are all in this together,” Matz said.

At NCUA, Matz said, stringent security measures are in place to protect members’ information. NCUA is also partnering with law enforcement and intelligence communities and with other regulators in a new working group on cyber-threats. This is part of a broader, forward-thinking commitment to the security, strength and soundness of the credit union system.

Matz urged officials to protect their credit unions by working collaboratively with their information technology (IT) staff, vendors, and other credit unions:

• Implement appropriate risk-mitigation controls to better protect, detect and recover from cyber-attacks. This includes vendor due diligence, strong password policies, proper patch management, employee training and network monitoring.
• Make sure IT staff and vendors are on top of emerging cyber-threats. Hire experts who can be counted on to answer the very tough question: “Is my credit union really protected?”
• Get educated. Share cyber-security best practices with each other at league meetings, chapter meetings and professional groups. Participate in national information-sharing forums.

“Keeping a house in order requires constant maintenance,” Matz concluded. “Yes, the worst of the storm is behind us. The sun is starting to peek out from the clouds. So now’s the time to fix the roof.”