NAFCU writes to NCUA on proposed cyber incident reporting rule

September 27, 2022 by NAFCU Newsroom

NAFCU Senior Counsel for Research and Policy Andrew Morris wrote to the NCUA to offer recommendations on the agency’s proposed rule establishing a 72-hour period for credit unions to provide notice of a reportable cyber incident.

In the letter, Morris stated the proposed 72-hour timeframe to report a cyber incident to the NCUA would likely increase “administrative burden” for credit unions. To ease the burden of this rule, NAFCU gave nine recommendations:

recognize a compliance safe harbor for a credit union that makes good faith efforts to perform a reasonable assessment of a cyber incident;
clarify core terminology;
streamline communication with supervisory teams;
clarify the relationship between overlapping reporting standards;
avoid conflict with current and future cyber incident reporting requirements;

NAFCU writes to NCUA on proposed cyber incident reporting rule

Featured

Leadership is lonely—but you are not alone

Strategic planning vs. strategic thinking

Credit unions can play a role in preventing ‘supply chain’ cyber attacks

Order ahead, stay ahead: Exceeding member expectations

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!